Express Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it generates courier tracking links, with documented optional batch input, file output, and browser opening.

Install only if you are comfortable creating Kuaidi100 links that include your tracking numbers. Use --open only when you want the browser to visit that external site, choose --output paths carefully because existing files may be overwritten, and consider fixing the hard-coded Python import path before relying on this skill in a shared or production environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill claims to generate tracking links, but it also supports opening the local browser and writing to arbitrary output files, which are side effects beyond a simple query helper. This mismatch can undermine user consent and agent safety policies, especially if the skill is auto-invoked and causes local actions or writes unexpected files.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script prepends a user-specific absolute directory to sys.path before importing track_express, causing Python to trust code from outside the skill package. If that external path is writable, replaced, or differs across environments, an attacker or local compromise could hijack the import and execute arbitrary code whenever this script runs.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script accepts an arbitrary --output path and writes data there without restriction, enabling file creation or overwrite anywhere the process has permission. In an agent or automation context, this broad file-write capability exceeds the stated need of generating a tracking link and could be abused to tamper with local files or drop misleading content.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger examples include broad natural phrases like '我的快递到哪了', which may cause the skill to activate in loosely related conversations without clear user intent or required parameters. Over-broad activation increases the chance of sending sensitive tracking numbers or initiating external-link generation when the user did not explicitly request this skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation does not warn users that tracking numbers will be embedded in links to an external service, which may expose shipment identifiers and associated logistics metadata to a third party. In this context, tracking numbers can be sensitive because they may reveal purchasing activity, addresses, or delivery timing.

VirusTotal

64/64 vendors flagged this skill as clean.
