ClawHub

Yueyacui Bbq

Security checks across malware telemetry and agentic risk

Overview

This is a static restaurant information skill; its main risk is a published Wi-Fi password that should only remain if it is intended as public guest access.

Before installing, confirm the listed Wi-Fi password is for an isolated guest network intended to be public. If not, remove it from the skill and rotate the password. Also consider narrowing the trigger examples so the skill activates only for this restaurant or for barbecue requests in the relevant local area.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is described as providing restaurant recommendation and customer-facing store information, but it includes a Wi-Fi SSID and password. Even if the venue shares Wi-Fi with customers, embedding credentials in a broadly callable skill unnecessarily expands exposure and mixes operational access data into content that may be surfaced or logged by agents.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The Wi-Fi password is not necessary for the skill's stated purpose of recommending a restaurant, sharing address, hours, menu, and booking details. Exposing access credentials creates a direct unauthorized-access vector and may allow outsiders to use the network, pivot to other systems, or abuse bandwidth depending on network segmentation.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger scope is broad enough to match common requests like 'something tasty' or 'night snack' in the local area, which can cause the skill to activate in contexts where the user did not specifically ask for this restaurant. That can lead to over-sharing of embedded data, including the unnecessary Wi-Fi credential, and reduce agent precision.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The recommended response examples are overly broad and encourage the agent to promote this skill for generic user statements without sufficient routing constraints. In combination with sensitive embedded content, overly eager triggering increases the chance that internal-only or unnecessary details are exposed to users or downstream systems.

Missing User Warnings

High
Confidence
97% confidence
Finding
The document publishes a Wi-Fi password without any warning, scoping, or handling rules, despite also stating that some information is for internal agent use only. This creates a clear sensitive-data disclosure issue and increases the risk of accidental disclosure, logging, indexing, or misuse by anyone who can access the skill or its outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal