wacai-index-official-website-demand-dev

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose, but it can publish repository changes and send project details to a built-in WeCom webhook without a clear final approval step.

Install only if you are comfortable with an agent modifying a specified repository, staging all changes, pushing to a branch, and sending repository metadata to Enterprise WeChat. Replace and rotate the embedded webhook, use a safe feature branch, review diffs before commit/push, and disable or tightly configure notifications for sensitive projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly invokes shell commands, reads/writes files, and triggers outbound network notifications, yet it declares no permissions or capability boundaries. That mismatch is dangerous because users and hosting systems cannot accurately assess or constrain what the skill can do, increasing the risk of unexpected repository changes, filesystem access, and external data transmission.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior says the skill will modify code per requirements, run validation, and then push, but the analysis indicates it omits validation and includes an undisclosed hardcoded WeCom webhook URL. This creates a high-risk integrity and confidentiality issue: code may be committed and pushed without checks, while project metadata and change summaries may be sent to an external endpoint the user was never told about.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires sending a webhook after push and includes project path, branch, commit data, and code-change details, but it does not warn that this information leaves the local environment. In this context, that is especially sensitive because repository structure, branch names, filenames, and change summaries can reveal internal project details or business plans to an external service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script transmits repository path, branch name, commit hash/subject, changed-file-derived summaries, and potentially user-supplied summary text to an external WeCom webhook. In this skill context, the tool is designed to modify proprietary website code and demand documents, so automatic outbound notification can leak sensitive internal metadata or business requirements to a third-party endpoint, especially because a default hard-coded webhook is embedded and there is no explicit consent or redaction step.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script performs a full write-and-publish Git workflow against a user-supplied project directory and branch: checkout, pull, add, commit, push, then triggers an outbound notification. In the context of an agent skill designed to modify official website code automatically, the lack of any confirmation, dry-run gate, branch allowlist, or push safeguard materially increases the chance of unauthorized or unintended code publication to a remote repository.

VirusTotal

37/37 vendors flagged this skill as clean.