Ora海关数据分析专家

Security checks across malware telemetry and agentic risk

Overview

This skill is for customs-data analysis, but it requires agents to read, store, and repeatedly use a local API key file in ways that need careful review before installation.

Install only if you are comfortable with this skill reading and storing an Ora/customs-data API key at a fixed local path and sending it to the configured customs-data service. Prefer a version that uses platform-managed secrets, asks clearly before saving credentials, and documents how to remove or rotate the saved key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: Medium | Confidence: 99%
Finding:
The skill directs the agent to access a local secret file and to persist a user-supplied key to disk, which expands its authority beyond customs-data analysis into credential handling. This creates a clear risk of secret exposure, unintended retention, and misuse of local sensitive data, especially because the behavior is mandatory and repeated.

Missing User Warnings

Severity: Medium | Confidence: 97%
Finding:
The skill instructs the agent to retrieve a local key and transmit it externally without clear user-facing disclosure or consent. Even if the destination service is legitimate, silently sourcing credentials from local storage creates a meaningful secret-handling risk and normalizes unsafe credential use.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
Writing a user-provided API key to disk creates persistent local storage of a secret without adequate warning, lifecycle control, or minimization. This increases the chance of later disclosure to other tools, users, logs, backups, or malicious skills that can access the same location.

Ssd 3

Severity: High | Confidence: 100%
Finding:
This is a direct secret-handling vulnerability: the skill instructs the agent to read a local API-key file and also to store user-supplied credentials in that file. In the context of an agent skill, natural-language instructions that compel local secret extraction and persistence are especially dangerous because they can turn ordinary data-analysis actions into credential access and exfiltration workflows.

Ssd 3

Severity: High | Confidence: 99%
Finding:
Requiring the agent to inspect the contents of a secret file before each operation encourages repeated access to sensitive local data, increasing exposure opportunities and making accidental leakage more likely. The repeated-check workflow also normalizes secret discovery behavior unrelated to the business task.

Ssd 3

Severity: High | Confidence: 100%
Finding:
The skill mandates reading a local secret from a fixed user path and attaching it to outbound traffic, which is classic secret extraction and transmission behavior. Because the skill's stated purpose is trade-data analysis, this capability is not intrinsic to the user task and meaningfully enlarges the attack surface.

Ssd 3

Severity: High | Confidence: 100%
Finding:
The extensive rules and code examples normalize a pattern of repeatedly reading a local secret and sending it with external traffic, including behavior when the file is absent. Detailed exemplars make the unsafe behavior more operationally likely and easier for downstream agents to follow exactly, increasing the probability of credential misuse or exfiltration.

Ssd 3

Severity: High | Confidence: 100%
Finding:
The repeated startup workflow reinforces secret-file inspection and user-secret persistence, compounding the risk by making unsafe credential handling a required operational habit. Repetition in multiple sections reduces the chance that safer execution layers will ignore it and increases the likelihood of implementation exactly as written.

VirusTotal

62/62 vendors flagged this skill as clean.