iFinD Investment Research - Financial News Search

Security checks across malware telemetry and agentic risk

Overview

This financial-news search skill does what it claims, but it stores a service token locally and includes an under-disclosed option that can redirect that token to any configured server.

Install only if you trust the iFinD/Repilot service and understand that search queries and the configured token are sent over the network. Keep the default provider URL, do not use --set-url unless you control and trust the endpoint, and treat ~/.config/ifind-repilot/config.json as a secret-bearing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The script’s declared purpose is news retrieval, but it also exposes local configuration mutation, including changing the backend base URL and persisting credentials. That broadens the skill’s capability beyond its advertised scope and enables redirection of authenticated requests to arbitrary endpoints, which can lead to token disclosure or misuse if the URL is changed maliciously or accidentally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code sends both the user query and the Authorization token to a remote service, and because base_url is user-configurable, the destination may not be the trusted default service. While the default is HTTPS, there is no enforcement of HTTPS or host trust, so credentials and sensitive queries could be transmitted to an attacker-controlled server without any explicit disclosure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The --set-token path writes the authentication token in plaintext to a predictable file under the user’s home directory without warning or permission hardening. This increases the chance of credential exposure through local compromise, backups, shared environments, or accidental disclosure of dotfiles.

VirusTotal

55/55 vendors flagged this skill as clean.
