Skills of A-share news data released by ft.tech.

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward market.ft.tech news search wrapper with disclosed network use and no evidence of hidden, destructive, or credential-seeking behavior.

Install this only if you are comfortable sending your news search terms and optional time filters to market.ft.tech. Use explicit prompts that mention FT or market.ft.tech news to avoid accidental use for general web news searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill instructs the agent to execute a local Python entrypoint and implies filesystem reads and outbound network access, but it does not declare any permissions or trust boundaries. This creates a capability mismatch: reviewers and runtime policy may underestimate what the skill can do, increasing the risk of unintended file access, shell execution, or network exfiltration if the skill or sub-skills are modified or abused.

Vague Triggers

Medium
Confidence: 79%
Finding
The description uses broad trigger language such as semantic or keyword-based news search without clear boundaries or exclusion criteria. Overbroad routing can cause the skill to be invoked for loosely related requests, leading the agent to execute code and make network requests when the user did not intend to use this tool.

Vague Triggers

Medium
Confidence: 84%
Finding
The user-phrasing table maps generic phrases directly to the sub-skill but does not provide negative examples, qualifiers, or tie-breakers. In an agentic environment, this can cause unintended invocation and unnecessary execution of the Python runner and external requests based on ambiguous user wording.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger description is broad enough to match generic requests about searching news, which can cause this skill to be invoked when the user did not specifically intend to use this data source or its limitations. In an agent setting, over-broad routing can lead to incorrect tool selection, misleading answers, and unintended disclosure of external content or links from a narrower dataset.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill description prescribes Chinese-language behavior without stating that this should depend on the user's language preference. This can override user intent, degrade reliability, and in multilingual environments create prompt-routing bias where the agent responds in an unintended language or selects this skill for users who did not ask for Chinese output.

VirusTotal

VirusTotal findings are pending for this skill version.