Ora外贸客户开发专家 (Ora Foreign Trade Customer Development Expert)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the promised business website search, but it instructs the agent to run inline local code that reads an API key from disk and sends it to an external service.

Review before installing. Only use this skill if you trust the publisher and are comfortable with it reading the local TPAgent.key credential and sending search requests to h.smtso.com. Avoid using it for sensitive company lists or private prospecting data unless the API provider and key handling are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium severity, 98% confidence

Finding: The skill requires the agent to use exec to run inline Node.js that reads a local API key file before making a network request. This unnecessarily expands the attack surface from a simple HTTP call to arbitrary code execution plus local secret access; if user-derived values are interpolated into the command, it also opens the door to command injection and secret exfiltration.

Vague Triggers

Medium severity, 82% confidence

Finding: The trigger conditions are broad and overlap with common user phrasing, increasing the chance that the skill activates when the user did not intend to invoke it. Accidental activation is more dangerous here because the skill then directs the agent toward external network access and use of the local key, potentially causing unintended data handling or outbound requests.

Missing User Warnings

High severity, 99% confidence

Finding: The skill instructs direct execution of a shell-invoked Node.js one-liner that reads a local secret and performs a network request, without any warning or safeguard. This is dangerous because it normalizes unsafe execution patterns, can expose local credentials, and becomes prone to command injection if user input is substituted into the inline code as instructed.

VirusTotal

64/64 vendors flagged this skill as clean.
