Tian'e Daojia (天鹅到家) Hourly Cooking Helper Ordering Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real home-service ordering helper, but it needs Review because the bundled runtime is obfuscated, stores login tokens locally, and contains cleaning-service identifiers that do not cleanly match the cooking-order description.

Only install after reviewing the publisher and confirming this is the intended Tian'e/Daojia ordering integration. Be aware it can use your account authorization, read saved addresses, send location and order details to the service, store tokens locally under your home directory, and create a real paid order after confirmation. The cleaning-service identifiers and obfuscated runtime should be resolved before trusting it for normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (451)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
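The core of the code is a general-purpose ordering CLI for backend APIs: it first completes OAuth/PKCE authorization via login/confirm, then uses business commands to query addresses, search POIs, and query available cities, products, and inventory time slots, and submits orders with create_order. It is indeed related to "ordering on-site services", so it is partly relevant to the "ordering assistant" portion; however, the description emphasizes hourly cooking helpers, a domestic helper cooking meals, and recommendations by cuisine or favorite dishes, and neither this recommendation logic nor any cooking-specific logic appears in the code. On the contrary, the code looks more like a general home-service ordering tool, and the comment in run.sh says outright "保洁下单工具" (cleaning order tool), which shows a clear deviation between its actual positioning and its declaration, so it should be judged a mismatch.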

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The manifest describes a user-facing helper for ordering cooking/hourly-home-cooking services and cuisine recommendations. In this file, the code creates local auth directories/files, performs PKCE-style login flows, polls for approval, and persists tokens/session state under the user's home directory, which is a broader operational capability than the manifest suggests.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest claims a focused assistant for placing cooking-service orders and recommending services by cuisine or preferred dishes. This file is primarily an obfuscated outpost/bootstrap layer that handles arbitrary command parsing, remote requests, authorization headers, token exchange, and dispatch to a separate business module, so the observable behavior here is much broader and more infrastructural than the declared end-user cooking scope.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The inline documentation says this is a "保洁下单工具启动脚本" (cleaning order tool startup script), which contradicts the manifest's stated purpose of a cooking-order assistant. This is an intent-level mismatch in documentation rather than a mere omission, because it identifies a different service domain entirely.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The README is entirely written in Chinese and repeatedly instructs the user to interact using specific Chinese phrases such as “回复‘已授权’” and “你说‘确认’之后才会生成订单.” There is no indication that other languages are supported or that the Chinese-only interaction is an intentional, documented locale restriction, so this is a natural-language locale policy concern.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description lists trigger terms such as “做饭”, “钟点工”, “菜系”, “聚餐”, and “喜欢吃的菜”, several of which can appear in ordinary conversation that is not an intent to place an order. Although the file later provides some negative examples, the top-level trigger list itself is broad enough to cause accidental activation in general food or meal-planning discussions.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill description and all prescribed user-facing messages are fixed in Chinese, and the instructions do not provide any option to adapt to the user’s language preference. Under the policy, forcing a specific language without user opt-in is a natural-language policy violation unless clearly documented as a justified region-specific constraint.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This JavaScript file creates an auth directory and writes JSON to AUTH_FILE and SESSION_FILE via writeJson(), storing token and session-related data locally. Although some error/help text exists, there is no clear user-facing warning, confirmation, or readable comment/docstring in this file disclosing that authentication material will be persisted on disk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file performs HTTP requests with fetch() and sends authentication-related fields such as session identifiers, authorization headers, codes, and tokens to remote endpoints. In this obfuscated file, there is no clear readable warning, confirmation prompt, or explanatory comment informing the user that sensitive auth/session data will be transmitted over the network.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
User-facing strings such as help output and error messages are written in Chinese, and the file does not appear to offer any language selection or explain that the tool is intentionally limited to a Chinese-speaking context. This can violate language/locale policy when a skill imposes a specific language without user opt-in.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This JavaScript file defines a createOrder flow that collects address-related fields such as poiname, doorNumber, gdLocation, serviceTime, and pricing, then submits them via an authorized request. In the file itself, there is no visible confirmation prompt, print/log disclosure, or explanatory comment/docstring warning the user that personal/location data will be transmitted and an order will be created.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
Several functions in this file perform authorized network requests using user inputs and account-associated data, including address history lookup, POI search, product query, inventory slot query, and order creation. The file contains no visible user-facing notice, confirmation, or explanatory comments describing that these operations contact remote services and may expose personal or location-related information.

Natural-Language Policy Violations

Low
Confidence
67% confidence
Finding
The file includes natural-language strings in Chinese for argument validation and user-facing messaging, and there is no visible mechanism offering a language choice or documenting a locale-specific constraint. Under the policy, hard-coded language behavior can be a violation when the user is not given an explicit opt-in or the restriction is not justified.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The file is entirely written as mandated Chinese user-facing copy, including multiple required display messages such as '展示给用户' text and '统一提示文案'. There is no indication that the skill supports user language selection or that the Chinese-only requirement is explicitly justified as a region-specific policy, which can violate language/locale choice requirements.

Obfuscated Code

High
Category
Supply Chain
Confidence
80% confidence
Finding
_0x43c431(

Obfuscated Code

High
Category
Supply Chain
Confidence
80% confidence
Finding
_0x4cec7c(

Obfuscated Code

High
Category
Supply Chain
Confidence
80% confidence
Finding
_0x1438(

VirusTotal

58/58 vendors flagged this skill as clean.