决策简报虾 (decision-briefing-claw)

Security checks across malware telemetry and agentic risk

Overview

This business-reporting skill is mostly coherent, but it needs review because it includes unrestricted SQL execution against configured databases and can send full business reports to external channels.

Install only after reviewing the configuration carefully. Use read-only database accounts, avoid the raw SQL test command on production data, restrict API tokens and webhooks, verify every email or Feishu destination, protect the reports directory, and enable cron only with a least-privilege user.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill invokes local scripts, writes reports to disk, performs scheduled shell execution, and pushes data to external channels, yet it declares no explicit permissions or trust boundaries. In a data-aggregation skill that handles database credentials, files, APIs, and outbound messaging, missing permission declarations can cause operators or platforms to underestimate its access and approve unsafe execution, increasing the risk of unauthorized data exfiltration or destructive shell/file actions.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The `test` subcommand executes arbitrary SQL supplied on the command line against the first configured database source, with no restriction to read-only statements or approved queries. In a data-collection skill, this creates an unnecessary database execution surface that could be abused to modify data, exfiltrate sensitive records, or run destructive statements if an operator or integrated agent passes untrusted input.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger keywords include broad everyday phrases such as '日报', '数据摘要', and '自动报告', which can cause accidental activation in unrelated conversations. For a skill that can collect business data and send external briefings, unintended triggering is risky because it may initiate sensitive data access or outbound transmission without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description says it collects from databases, APIs, Excel, and Feishu tables and then pushes reports to Feishu, email, or enterprise messaging, but it does not clearly warn users about credential handling, data movement, or external transmission risks. In this context, the skill processes potentially sensitive operational metrics and connection secrets, so lack of disclosure and consent increases the chance of unsafe configuration, over-sharing, and leakage to third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.
