Call Aida App

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AIDA API wrapper, but users should know their app ID, query, inputs, and user identifier are sent to AIDA.

Install only if you intend to call AIDA from OpenClaw. Treat appid as a bearer credential. Avoid sending secrets, personal data, regulated data, or proprietary documents unless AIDA is approved for that use. Prefer stdin over command-line arguments for sensitive payloads. Use call_aida_app.py, even though SKILL.md references main.py.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 95% confidence
Finding
The guide encourages users to send arbitrary `inputs` to an external AIDA API but does not warn that those inputs leave the local environment and may contain sensitive data. In an agent/tooling context, this omission can cause operators to unknowingly transmit secrets, personal data, or proprietary content to a third-party service.

Missing User Warnings

Medium, 89% confidence
Finding
The examples encourage passing a user identifier via environment variables and later demonstrate logging app IDs, success status, duration, and message fields, with the broader document also showing user email values. In an agent/integration context, this can normalize handling personally identifiable information without privacy guidance, increasing the risk of accidental exposure through process environments, shell history, CI logs, or application log files.

Missing User Warnings

Medium, 90% confidence
Finding
The documentation explicitly identifies a remote HTTPS API endpoint and encourages users to send inputs to it, but it does not clearly warn that provided data will leave the local environment and be disclosed to an external service. In an agent-skill context, users may pass sensitive prompts, documents, or secrets, so missing disclosure guidance can lead to unintended data exfiltration.

Missing User Warnings

Medium, 95% confidence
Finding
The quick-start example pipes arbitrary JSON directly into the skill for a first call, but it does not tell the user that this content will be transmitted to a remote third-party service. Because quick-start snippets are often copied verbatim, this omission increases the chance that users will test with real or sensitive data and unknowingly disclose it externally.

Missing User Warnings

Medium, 89% confidence
Finding
The README explicitly instructs users to send arbitrary `inputs`, optional `query`, and a `user` identifier to a remote AIDA API, but it provides no warning about privacy, retention, sensitivity of transmitted data, or compliance considerations. In a skill intended for agent integration, this increases the chance that operators will pass documents, identifiers, or other sensitive content to a third-party service without informed consent or filtering.

Vague Triggers

Medium, 95% confidence
Finding
The trigger phrases include generic task language such as “生成变更报告” (“generate change report”), which is not uniquely tied to this specific internal Aida skill. That increases the chance the agent will invoke this skill when the user intended a different reporting workflow, causing unintended transmission of the user-provided query and inputs to the internal Aida API.

VirusTotal

66/66 vendors flagged this skill as clean.
