Miaoji Bid Guard Pro

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local advertising-bid analysis helper, with no evidence of credential theft, exfiltration, persistence, or account-changing behavior, but its projections should not be treated as professional financial guidance.

Install only if you are comfortable treating the tool as a heuristic ad-analysis aid. Validate its assumptions and calculations against your own campaign data before changing ad budgets, and do not rely on it as an automated or authoritative ROI forecaster.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill metadata and header advertise advanced capabilities such as 90-day ROI forecasting, multi-campaign coordination, seasonality bidding, and keyword offense/defense analysis, but the code implements only simple heuristics and canned simulations. This is a security-relevant integrity issue because users may rely on materially overstated automation in making ad-spend decisions, causing financial harm through misplaced trust even though there is no direct code-execution or data-exfiltration behavior.

Intent-Code Divergence

Low
Confidence: 86%
Finding
The A/B test simulator accepts strategy inputs that appear to contain observed performance data, but it ignores provided order counts and recomputes orders from fixed click baselines rather than the supplied click values in all cases. This can mislead operators into trusting inaccurate experiment projections, producing distorted optimization decisions and financial loss from flawed ad strategy recommendations.

VirusTotal

63/63 vendors flagged this skill as clean.
