Security audit

Cnpj Lookup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent CNPJ lookup skill, but users should understand that lookups go to third-party public APIs and may be cached locally.

Install only if you are comfortable with CNPJ lookup terms being sent to third-party public API providers and with returned company data being cached locally. For confidential investigations, confirm the provider and cache location first, or disable/clear the cache after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill advertises execution via local scripts and external API access, implying network, file, and possibly environment capabilities, but it does not declare permissions explicitly. This creates a transparency and policy-enforcement gap: users and the platform may not realize sensitive data can be written to disk, read from cache, or sent over the network to third parties.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The README explicitly states that the skill queries public Brazilian CNPJ APIs, but it does not warn users that their lookup terms and potentially sensitive business-identifying queries will be transmitted to third-party services. In an agent context, users may assume the lookup is local or platform-native, so the lack of a clear privacy/data-sharing disclosure can lead to unintended external disclosure of queried entities and user intent.

Vague Triggers

Medium
Confidence: 87%
Finding:
The activation text is broad enough to trigger on general company-information requests such as address, business details, or corporate research, even when the user did not ask for a CNPJ lookup. Over-broad triggering can cause unintended invocation of the skill and unnecessary disclosure of user queries or business identifiers to external services.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill description does not clearly warn that company identifiers and user queries may be transmitted to third-party public APIs such as BrasilAPI, CNPJ.ws, and OpenCNPJ. This is a privacy and data-governance issue because users may reasonably assume the lookup is local or first-party, especially when cache and fallback behavior are involved.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The script persists lookup results, including company contact details and QSA data, to a local cache file without any explicit user disclosure or consent flow. While the data may be public or semi-public, silent local retention can create privacy, compliance, and data-handling risks, especially on shared systems or multi-user agent environments.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill transmits the queried CNPJ to third-party public APIs as part of normal operation, but it does so without an explicit user-facing privacy notice. Even if the identifier is for a business entity, the query itself may reveal user investigative intent, and the returned data can include personal/contact information that is then processed by external providers.

VirusTotal

66/66 vendors flagged this skill as clean.