Skill Guangjiao

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Canton Fair lead-generation skill, but it needs user review: its privacy and storage disclosures contradict each other about remote API use and about how much lead data is retained locally.

Install only if you intend to use YunlvAI/TradeGPT for Canton Fair lead research. Use a dedicated revocable API key, assume queries and lead data may be sent to YunlvAI, avoid bulk outreach, verify privacy/legal obligations for contact data, and manually delete exported leads, query history, outreach drafts, and logs when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium (90% confidence)
Finding:
The behavior the skill describes understates its actual data handling by omitting the persistent storage of queries, outreach records, logs, and follow-up artifacts. This matters because users and host platforms cannot accurately assess retention, monitoring, and privacy exposure when personal or business contact data is collected and stored beyond the advertised scope.

Intent-Code Divergence

Severity: High (98% confidence)
Finding:
The Security & Privacy section says query conditions and transit data are processed only locally, but the workflow earlier states those inputs are sent to a remote MatchGPT API for search and contact enrichment. This inconsistency can mislead users into sharing sensitive lead-generation criteria or contact-related data under false assumptions about locality and confidentiality.

Scope Creep

Severity: High (96% confidence)
Finding:
The declared permission boundary says writes are allowed only to the leads export directory, while the documented storage root includes writes to queries, outreach, and logs directories as well. A mismatched boundary weakens trust and reviewability, making it easier for the skill to retain sensitive business searches, generated contact content, and operational logs outside the stated write scope.
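The two findings above (the local-only privacy claim versus the remote MatchGPT call, and the leads-only write boundary versus the documented storage root) are both consistency checks a reviewer can automate before reading a skill manifest by hand. The following is an added example, not code from the skill or from SkillSpector: it runs over a constructed manifest whose section names, paths and API URL are hypothetical and are chosen only to reproduce the two inconsistencies, reports documented storage directories that fall outside the declared write scope, and reports remote URLs that appear alongside a "processed only locally" claim.

```python
"""Consistency checks for a skill manifest: declared write scope versus
documented storage, and a local-only privacy claim versus remote API use.
Added example; the manifest format below is hypothetical."""
import re

# Constructed SKILL.md-style manifest reproducing the inconsistencies in the
# findings. Paths, section names and the API URL are made up for the example.
SAMPLE_MANIFEST = """\
## Workflow
1. Send the user's query conditions to the MatchGPT API at https://api.example.invalid/match
   for exhibitor search and contact enrichment.
2. Save results under the storage root.

## Storage
Storage root: ~/.guangjiao/
Subdirectories: leads/ (exports), queries/ (search history), outreach/ (drafts), logs/

## Permissions
Writes are allowed only to: ~/.guangjiao/leads/

## Security & Privacy
Query conditions and transit data are processed only locally.
"""

_URL = re.compile(r"https?://[^\s)>\]]+")
# A claim that data stays on the user's machine; checked against any URL in the text.
_LOCAL_CLAIM = re.compile(
    r"\b(?:processed|handled|stored|kept)\s+(?:only\s+)?locally\b", re.IGNORECASE
)


def _norm(path: str) -> str:
    """Normalise a directory path to a single trailing slash so prefix checks are reliable."""
    return path.strip().rstrip("/") + "/"


def declared_write_scope(manifest: str) -> list[str]:
    """Directories the permissions section says the skill may write to."""
    m = re.search(r"Writes are allowed only to:\s*(.+)", manifest)
    if not m:
        return []
    return sorted(_norm(p) for p in m.group(1).split(",") if p.strip())


def documented_storage_dirs(manifest: str) -> list[str]:
    """Full paths of every subdirectory the storage section documents."""
    root = re.search(r"Storage root:\s*(\S+)", manifest)
    subs = re.search(r"Subdirectories:\s*(.+)", manifest)
    if not root:
        return []
    base = _norm(root.group(1))
    names = re.findall(r"\b([\w.-]+)/", subs.group(1)) if subs else []
    return sorted(base + name + "/" for name in names)


def out_of_scope_writes(manifest: str) -> list[str]:
    """Documented storage directories not covered by any declared write directory."""
    scope = declared_write_scope(manifest)
    return [
        d for d in documented_storage_dirs(manifest)
        if not any(d.startswith(allowed) for allowed in scope)
    ]


def locality_conflicts(manifest: str) -> list[str]:
    """Remote URLs mentioned in a manifest that also claims local-only processing."""
    if not _LOCAL_CLAIM.search(manifest):
        return []
    return sorted(set(_URL.findall(manifest)))


def review(manifest: str) -> dict:
    """Summarise both checks; 'consistent' is True only when neither flags anything."""
    writes = out_of_scope_writes(manifest)
    remote = locality_conflicts(manifest)
    return {
        "out_of_scope_writes": writes,
        "locality_conflicts": remote,
        "consistent": not writes and not remote,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The checks are deliberately textual: they do not prove what the code does, only whether the manifest contradicts itself, which is exactly what the two findings report. A manifest that widens the write scope to the storage root and replaces the local-only sentence with an honest statement of the remote call passes both checks.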

Missing User Warnings

Severity: Medium (91% confidence)
Finding:
The skill openly advertises extraction and export of emails, phone numbers, LinkedIn profiles, and contact persons, but does not provide a clear user-facing privacy warning at the point where personal data handling is introduced. In a lead-mining context, this increases the risk of unnoticed processing of personal data and noncompliant outreach workflows, especially across jurisdictions with stricter privacy rules.

Vague Triggers

Severity: Medium (85% confidence)
Finding:
The trigger list contains generic phrases such as "展会数据" (exhibition data), "参展商" (exhibitors), and "Canton Fair" that are broad enough to activate the skill during ordinary trade-show discussions, not just targeted lead-discovery tasks. In an agent environment, over-broad activation can route unrelated conversations to a skill that processes external business data, causing unnecessary API calls and disclosing the user's intent to a third-party service.

Missing User Warnings

Severity: Low (88% confidence)
Finding:
The template explicitly instructs users to collect contact details and other business lead information, but provides no guidance on lawful handling, minimization, consent, retention, or secure storage of personal data. In a lead-mining skill focused on exhibitor and buyer discovery, this omission can encourage improper collection and downstream misuse of personal information, creating privacy, compliance, and reputational risk.

VirusTotal

63/63 vendors flagged this skill as clean.