Confucius Debug

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real debugging helper, but it can send error text, identifiers, logs, environment details, and project structure to a third-party service while its privacy text understates that sharing.

Install only if you are comfortable sending debugging queries and analysis data to api.washinmura.jp. Before using search, analyze, escalate, or contribute, redact tokens, API keys, customer data, internal URLs, private paths, stack traces with secrets, and proprietary code details; use a non-sensitive CONFUCIUS_LOBSTER_ID; and avoid escalation unless you have reviewed exactly what logs and environment information will be submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The privacy section claims no environment variables are sent, yet the escalation workflow explicitly sends environment details and may include sensitive configuration metadata in logs or dependency/version data. This is a misleading disclosure issue that can cause users to share more sensitive information than they intended.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill encourages escalation with environment details and logs to an external service without a prominent warning at the point of use. Logs and environment descriptions frequently contain secrets, tokens, internal hostnames, or confidential operational details, making this a real data-exposure risk.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The analyze example transmits a user identifier to a third-party API, but the tool description does not clearly disclose that identity data is sent. While the identifier appears limited, undisclosed external transmission of even pseudonymous identifiers is still a privacy and consent issue.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends user-supplied error descriptions, optional stack traces, and an environment-linked identifier to a third-party API. In a debugging context, those fields can easily contain secrets, internal paths, tokens, customer data, or proprietary code details, and the script only gives a vague status message rather than obtaining explicit informed consent at send time.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user's raw query to a third-party API at execution time, but the only notice is in comments and not presented as an explicit runtime consent or warning. Error descriptions often contain secrets, internal hostnames, stack traces, tokens, or proprietary code details, so silent transmission can leak sensitive information outside the local environment.

Ssd 3

Medium
Confidence
98% confidence
Finding
The instructions tell users to submit logs, environment details, and project structure to a remote service, but later privacy statements imply such information does not leave the machine. This inconsistency materially increases the risk of accidental oversharing because users may rely on false assurances.

Ssd 3

Medium
Confidence
99% confidence
Finding
The escalation tool explicitly requests logs, environment metadata, and project structure for delivery to a remote endpoint. In debugging contexts, these fields commonly contain secrets, internal paths, service names, stack traces, and architecture details that could expose sensitive information to a third party.

External Transmission

Medium
Category
Data Exfiltration
Content
--arg lid "$LOBSTER_ID" \
  '{error_description: $desc, error_message: $msg, lobster_id: $lid, channel: "clawhub"}')

RESPONSE=$(curl -s --max-time 30 -X POST "$API_URL" \
  -H "Content-Type: application/json" \
  -d "$BODY") || {
  echo "❌ Cannot reach Confucius API (api.washinmura.jp). Check your internet or try again later."
Confidence
96% confidence
Finding
curl -s --max-time 30 -X POST "$API_URL" \
  -H "Content-Type: application/json" \
  -d

External Transmission

Medium
Category
Data Exfiltration
Content
echo "🔍 Searching YanHui KB for: ${QUERY:0:80}..."
echo ""

RESPONSE=$(curl -s --max-time 15 -w "%{http_code}" -o >(cat) -X POST "$API_URL" \
  -H "Content-Type: application/json" \
  -d "{\"query\": $(echo "$QUERY" | jq -Rs .), \"limit\": 5, \"channel\": \"clawhub\"}" 2>/dev/null) || {
  echo "❌ Cannot reach Confucius API (api.washinmura.jp). Check your internet or try again later."
Confidence
93% confidence
Finding
curl -s --max-time 15 -w "%{http_code}" -o >(cat) -X POST "$API_URL" \
  -H "Content-Type: application/json" \
  -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal