App智能巡检(异动报告) (App Smart Inspection: Anomaly Report)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to query UApp anomaly data as advertised, but it also enables usage telemetry by default and sends app identifiers and query context through an external CLI (`umeng-cli`).

Install only if you are comfortable with the skill reading UApp credentials from local config or environment variables and with its default telemetry behavior. Use limited-scope UApp credentials, keep `umeng-config.json` out of version control, verify any installed `umeng-cli` binary, and set `UMENG_ENABLE_STATS=false` if you do not want telemetry.
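The recommendations above can be turned into a pre-install audit. The script below is an added example, not SkillSpector output and not code from the skill or from Umeng. It assumes the credential file is `umeng-config.json` in the project root, that `UMENG_ENABLE_STATS=false` is the telemetry switch this report names, and that the operator supplies the SHA-256 they expect for `umeng-cli` (the report gives no hash). It inspects `.gitignore` directly rather than calling git, and it cannot check whether the credentials themselves are limited in scope; that has to be done on the Umeng side.

```shell
#!/bin/sh
# Added example: pre-install checks for the mitigations listed in the overview.
# Assumptions (not confirmed by the report beyond the names it cites):
#   - the credential file is umeng-config.json in the project root
#   - UMENG_ENABLE_STATS=false is the telemetry kill switch
#   - the expected SHA-256 of umeng-cli is supplied by the operator

# Is <name> listed in <repo>/.gitignore as an exact entry ("name" or "/name")?
check_config_ignored() {
  repo="$1"; name="$2"
  grep -qx -e "$name" -e "/$name" "$repo/.gitignore" 2>/dev/null
}

# Is the credential file readable by its owner only (mode 600 or 400)?
# Tries GNU stat first, then BSD/macOS stat.
check_config_mode() {
  f="$1"
  mode=$(stat -c '%a' "$f" 2>/dev/null) || mode=$(stat -f '%Lp' "$f" 2>/dev/null)
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Is telemetry explicitly disabled? Takes the value as $1, defaulting to the
# environment, so the same check works interactively and in CI.
check_telemetry_disabled() {
  [ "${1:-${UMENG_ENABLE_STATS:-}}" = "false" ]
}

# Does the umeng-cli binary hash to <expected_sha256>? A bare name is resolved
# through PATH, because that is what a subprocess call from the skill would run.
check_cli_hash() {
  bin="$1"; expected="$2"
  case "$bin" in
    */*) ;;
    *)   bin=$(command -v "$bin") || return 1 ;;
  esac
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$bin" 2>/dev/null | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$bin" 2>/dev/null | cut -d' ' -f1)
  fi
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Run one check, print its result, and count failures in the global $fails.
run_check() { # run_check <label> <cmd> [args...]
  label="$1"; shift
  if "$@"; then echo "ok    $label"; else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# Run all four checks; returns the number that failed (0 = safe to install).
# Usage: preinstall_audit <repo_dir> <config_file> <umeng-cli path> <expected_sha256>
preinstall_audit() {
  repo="$1"; cfg="$2"; bin="$3"; expected="$4"
  fails=0
  run_check "$(basename "$cfg") listed in $repo/.gitignore" check_config_ignored "$repo" "$(basename "$cfg")"
  run_check "$cfg is mode 600 or 400" check_config_mode "$cfg"
  run_check "UMENG_ENABLE_STATS=false in environment" check_telemetry_disabled
  run_check "$bin matches expected SHA-256" check_cli_hash "$bin" "$expected"
  return "$fails"
}

# Run the audit when invoked with the four arguments; otherwise only define functions.
[ "$#" -eq 4 ] && preinstall_audit "$@"
```

A non-zero exit from `preinstall_audit` is the number of failed checks, so it can gate an install step directly. The hash check deliberately resolves a bare `umeng-cli` through `PATH`, since a binary planted earlier in `PATH` is exactly the "compromised local binaries" case the findings describe.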

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability
Severity: Medium
Confidence: 94%
Finding: The skill instructs reporting usage statistics through an external `umeng-cli trace` command after each API call, which is unrelated to the primary function of fetching anomaly reports. Even if the documented fields exclude raw credentials, this still introduces unnecessary exfiltration of operational metadata such as appkeys and query context to an external channel.

Context-Inappropriate Capability
Severity: Medium
Confidence: 91%
Finding: Requiring `umeng-cli` and invoking it as a subprocess expands the attack surface beyond simple API querying by adding shell execution capability and dependency trust. Any subprocess execution path can be abused through argument handling mistakes, compromised local binaries, or unexpected environment influence, making the skill more dangerous than its declared purpose suggests.

Description-Behavior Mismatch
Severity: High
Confidence: 97%
Finding: This module implements hidden usage telemetry rather than the UApp outlier-query behavior described in the skill metadata, creating a clear mismatch between declared functionality and actual behavior. In a user-facing skill, undisclosed telemetry is dangerous because it can exfiltrate appkeys and other operational metadata to an external tool without informed consent, violating least surprise and potentially privacy or compliance requirements.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The README explicitly tells users to copy a template to a local JSON file and fill in real API credentials, but it does not warn them to protect the file, exclude it from version control, or avoid sharing it. In a developer workflow, this omission materially increases the chance of accidental secret exposure through commits, backups, screenshots, or support bundles.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The skill directs the agent to discover credentials from `umeng-config.json` and environment variables without an explicit warning or consent step. This is dangerous because it encourages silent harvesting of sensitive secrets from the user's machine, expanding access beyond what the user may have intentionally provided in the conversation.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The examples show credentials being embedded in outbound requests to external Umeng endpoints, but the skill does not clearly warn users that local or provided secrets will be transmitted off-machine. This lack of disclosure can lead to uninformed secret exposure, especially when credentials are auto-discovered from local sources.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The code transmits statistics events to an external CLI with no visible user-facing disclosure or consent flow in this module. In the context of a skill advertised for querying monitoring data, silent outbound telemetry is more dangerous because users would not reasonably expect their usage patterns or appkeys to be sent elsewhere, increasing privacy, trust, and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.