ClawHub

Express Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill is a real express-tracking helper, but it handles shipment data in ways users should review first.

Review before installing if shipment privacy matters to you. This skill sends tracking numbers to external courier-query services, reads an API key from Desktop\999.txt, and stores shipment history under G:\PC先生\express_data\packages.json. Prefer using it only on a trusted machine, with a non-sensitive API key, and avoid forwarding SMS messages that contain addresses, pickup codes, or other private details unless you are comfortable with the local retention and third-party lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script is not actually zero-configuration: it depends on an API key stored in a specific Desktop file and a hard-coded local storage path. This is dangerous because it creates hidden environmental dependencies and causes the skill to access user-local files outside the stated tracking input, which can surprise users and undermine trust and portability.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
Although presented as a query script, the code also persistently stores tracking history, courier names, timestamps, and trace details to disk. This expands the data-handling scope from transient lookup to local retention of potentially sensitive shipment metadata without clear disclosure or consent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Reading a secret from an unrelated Desktop file path is overbroad for the stated purpose and reaches into a user-controlled personal location without explicit need or notice. This can accidentally expose or misuse local files, makes behavior non-transparent, and creates a precedent for arbitrary file access under the guise of package tracking.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The module header states that the file is a simple tracking-number query script, but the implementation also mutates persistent package state on disk. This mismatch is security-relevant because users and reviewers may underestimate the skill's data retention and side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports forwarding and parsing courier SMS messages and sending scheduled status reports, but it provides no privacy notice, consent flow, or explanation of how message contents and tracking histories are stored or shared. Because courier SMS often contains names, phone numbers, addresses, pickup codes, and package metadata, the feature set materially increases the risk of privacy leakage and unauthorized monitoring.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script accesses a Desktop file to obtain an API key without any user-facing disclosure. Even if the intent is convenience, silently reading from a personal folder is a privacy and trust issue because it performs filesystem access beyond the obvious tracking-number input.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Tracking numbers are sent to third-party services over the network, including one plain-HTTP endpoint for Juhe. Shipment identifiers and logistics history can be privacy-sensitive, and undisclosed transmission to external services increases data exposure risk, especially when not encrypted in transit.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code persistently writes package history and detailed traces to a local JSON file without warning. Logistics traces can reveal habits, locations, purchase timing, and delivery status, so retaining them silently creates unnecessary privacy risk if the machine or account is shared or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal