Write Loan PRD (写贷款PRD)

Security checks across malware telemetry and agentic risk

Overview

This PRD-writing skill is coherent, but it can broadly read internal Feishu knowledge bases and write a document to Feishu without clear user approval or destination controls.

Install only if you expect the agent to use Feishu for this workflow. Before use, explicitly tell the agent which Feishu pages to read, require it to show the PRD draft first, and approve the exact Feishu destination before it writes anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill is presented as a PRD generator, but its workflow additionally directs the agent to write the generated document into Feishu, which is an external side effect not clearly disclosed in the top-level capability description. This creates a risk of unauthorized modification of external documents or workspaces if the agent has connected credentials, especially when users may expect only text generation.

Context-Inappropriate Capability

Severity: Low
Confidence: 78%
Finding
The skill mandates broad retrieval across three Feishu knowledge bases and deep subpages, which expands data access well beyond what is implied by a simple PRD-generation trigger. This can cause unnecessary exposure of unrelated internal documents, over-collection of sensitive business information, and use of data outside the user's immediate need.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The instruction to write the completed PRD directly into Feishu lacks any user-facing warning, approval step, or destination validation before modifying an external system. In an agent environment, silent writes to collaborative documents can overwrite content, publish incorrect material, or create unauthorized records without the user realizing an action beyond text generation occurred.

VirusTotal

63/63 vendors flagged this skill as clean.