ClawHub

Alibabacloud Iqs Weather Query

Security checks across malware telemetry and agentic risk

Overview

The weather lookup is legitimate, but the skill tells the agent to modify its own parser code after reading third-party weather pages.

Install only if you are comfortable providing an Alibaba Cloud IQS API key and manually reviewing any parser changes. Do not allow the agent to automatically edit scripts/weather.mjs based on raw webpage content; treat rawText and evolveHint as untrusted and require explicit code review for parser additions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly tells the agent to self-modify by writing and registering new parser code after encountering arbitrary unknown site content. That exceeds a weather-query skill's stated purpose and creates an unsafe path from untrusted web content to code changes, which can lead to persistence, supply-chain-style tampering, or accidental breakage without user awareness.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
The extension section normalizes code changes to parser routing and search priority inside an end-user skill document. While framed as extensibility guidance, it still expands the agent's effective authority beyond lookup into maintaining and altering behavior, which is not justified for routine weather queries.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The raw-mode fallback includes an explicit `evolveHint` directing an agent to analyze untrusted page content and then modify `scripts/weather.mjs` by writing and registering a new parser. This creates a self-modification pathway based on adversarial external content, which can turn a simple weather-query skill into a code-generation/update workflow without human review.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to modify code without any confirmation, warning, sandboxing, or approval gate. Because the trigger is unknown-site content from the web, this creates an unsafe autonomous write action that can be abused or can silently introduce faulty code into the skill.

Ssd 4

Medium
Confidence
94% confidence
Finding
The documented 'continuous evolution' behavior tells the agent to first process arbitrary web content and then use that content as the basis for self-modification. This is dangerous because it couples untrusted external input to persistent behavioral changes, increasing the risk of prompt-injection-driven code updates, malicious parser logic, or destabilization over time.

Ssd 4

High
Confidence
98% confidence
Finding
The fallback path converts untrusted webpage text into an agent-facing prompt that first asks for extraction and then asks for authoring a new parser and updating the registry. This is dangerous because hostile page content can shape the agent's understanding and influence follow-on code changes, creating a prompt-injection-to-self-modification chain that exceeds the skill's weather-query purpose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal