错题小助手

Security checks across malware telemetry and agentic risk

Overview

This study-helper skill is mostly coherent, but it needs review because its file writes are too loosely scoped for a tool that stores and exports private study records.

Install only if you are comfortable with a local-file skill that creates persistent study records. Keep it in a private workspace, avoid untrusted topic names or export paths, do not open exported HTML containing copied untrusted content, and prefer a revised version that constrains writes to mistake-data/ and mistake-exports/, escapes HTML output, and confirms export/delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'output_path' from os.environ.get (line 279, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
output_path = OUTPUT_DIR / f"mistakes_{timestamp}{ext}"

output_path.parent.mkdir(parents=True, exist_ok=True)
with open(output_path, 'w', encoding='utf-8') as f:
    f.write(content)

return f"✅ 已导出到: {output_path}"
Confidence
94% confidence
Finding
with open(output_path, 'w', encoding='utf-8') as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill describes file read/write and possible environment-backed execution capabilities but does not declare permissions. This creates a transparency and governance gap: users and hosting platforms cannot accurately evaluate what data the skill can access or modify, which is especially relevant because it stores and exports user study records locally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that user mistake data is stored in the workspace and may be synced across devices, but it does not warn users about persistence, retention, or privacy exposure. Study records can contain personal information, school details, handwritten content, or copyrighted material, so silent local storage and sync can lead to unintended disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The OCR feature implies processing screenshots or images that may contain sensitive personal, educational, or account information, but the skill gives no warning or consent flow. Users may unknowingly submit more data than intended, and image contents often include metadata or unrelated on-screen information beyond the question itself.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill supports exporting and deleting user data without warning about accidental disclosure or irreversibility. Export features can spread sensitive records into less protected formats or locations, and deletion without confirmation or recovery guidance can cause permanent data loss.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
This code writes detailed mistake-book contents, including questions, answers, reasons, and notes, to disk without any confirmation, warning, or data minimization. In this skill context, that content is personal study history and may include sensitive educational records or copyrighted material, so silent export increases the risk of unintended disclosure through shared workspaces, backups, or other local users/processes.

VirusTotal

66/66 vendors flagged this skill as clean.
