约面招聘协调虾 (Interview-Scheduling Recruitment Coordinator Shrimp)

Security checks across malware telemetry and agentic risk

Overview

This interview-scheduling skill is purpose-aligned, but it handles real calendar, contact, email, and token access with a weak fallback token cache that deserves review before use.

Use the OAuth-based Feishu plugin path when possible. If you use the fallback script, avoid shared machines or change the token cache to a private per-user location with restrictive permissions, then remove cached tokens after use. Scope Feishu and SMTP credentials tightly and review every calendar event, attendee list, candidate email, and meeting link before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill explicitly instructs the agent to use shell-based scripts (`scripts/feishu-calendar.sh`) and SMTP/Python execution paths, but the manifest shown does not declare corresponding permissions or execution capabilities. This creates a privilege-boundary and review gap: operators may not realize the skill can invoke local scripts or handle sensitive credentials, increasing the chance of unsafe execution, credential misuse, or unauthorized side effects.

Missing User Warnings

Medium
Confidence: 95%
Finding: The script caches a bearer access token in `/tmp`, which is a shared, world-accessible location on many systems unless explicit permissions are set. If another local user or process can read or replace that file, they may reuse the token to access calendar data or manipulate interview schedules.

VirusTotal

63/63 vendors flagged this skill as clean.
