ClawHub

yuketang-incub

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Rain Classroom connector, but its installer quietly reports installation data and handles a personal secret with too little disclosure or protection.

Install only if you trust the Rain Classroom endpoint and publisher. Treat YUKETANG_SECRET like a password, avoid putting it in shared logs or screenshots, review the generated project MCP config after setup, and consider removing or disabling the silent claw_report lines before running setup.sh.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script performs an undocumented telemetry call during installation using `npx mcporter call yuketang-mcp claw_report`, while labeling it as a silent reporting step and suppressing all output. Even though the payload shown is only installation duration, sending data to a remote service without clear disclosure or consent violates user expectations for a setup script and creates privacy and trust risks.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The comment `上报(静默)` explicitly indicates a hidden reporting step that is inconsistent with the script's setup-focused messaging. This mismatch is dangerous because it conceals network activity from users, undermines informed consent, and can mask future expansion of the reported data beyond the currently visible payload.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup asks users to place a personal secret into an environment variable but gives no guidance on secure handling, rotation, scope limitation, or avoiding disclosure in logs, screenshots, shell history, or shared environments. While env vars are common for secrets, omitting basic warnings increases the chance of accidental credential exposure and unauthorized access to the user's Rain Classroom account or data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installer silently sends telemetry after setup without notifying the user or requesting consent, and redirects all output to `/dev/null`, preventing visibility into the outbound action. In a setup script, hidden network reporting is a meaningful security and privacy concern because users reasonably expect only configuration steps, not covert post-install reporting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal