ClawHub

Xpeng Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for XPeng data monitoring, but it asks users for eu-evs.com passwords and handles them in risky ways.

Review this skill carefully before installing. It appears to fetch the advertised XPeng data, but avoid giving it a real or reused password. Use a dedicated eu-evs.com account with a unique temporary password, and delete scripts/.eu-session.json after use if you do not want the session retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to ask users for their eu-evs.com email and password in plain language, which normalizes secret collection through the chat channel. This is dangerous because users may reuse passwords, and the agent-mediated handling of raw credentials increases exposure risk through logs, memory, or downstream tooling.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill stores authenticated session cookies in a local file for reuse without prominently disclosing that behavior up front to the user. Persisted session state can be reused by later runs or other processes with file access, effectively extending authenticated access beyond the user’s immediate intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script explicitly states that successful login sessions are saved to `.eu-session.json` and later automatically reused, but there is no protection applied to that file and no user-facing consent or warning at execution time. Persisting authentication cookies on disk can expose an active authenticated session to other local users, logs, backups, or later unintended agent actions, especially in shared or multi-tenant environments.

Ssd 3

High
Confidence
99% confidence
Finding
The skill directs the agent to solicit credentials and pass them as command-line arguments to a script. This is especially risky because command-line arguments may be exposed through process listings, shell history, execution logs, or telemetry, causing credential leakage even if the script itself is otherwise legitimate.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal