
Security audit

马仙儿术数推演

Security checks across malware telemetry and agentic risk

Overview

The skill’s divination function is coherent, but it sends sensitive personal inputs to a hardcoded unencrypted remote API using an embedded shared bearer token.

Review before installing. Only use this skill if you are comfortable sending birth details, birthplace, gender, name, dreams, and questions to the external service configured in the script. Prefer not to provide identifying information unless the publisher adds HTTPS-only transport, removes the shared embedded token, and clearly explains privacy, retention, and API credential handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The script embeds a default shared bearer token directly in source code, which means anyone with access to the skill package can extract and reuse it against the remote API. In this skill context, users may send birth data, dreams, and other highly personal information, so a leaked shared credential can enable unauthorized API use, make abuse hard to attribute to a specific caller, and allow broader access to sensitive user-submitted data or service capacity.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger description contains broad natural-language phrases such as ‘帮我算算’, ‘看看运势’, and ‘什么命/命理’, which can match casual conversation and cause the skill to activate when the user did not clearly intend to invoke divination functionality. Unintended invocation is risky because this skill collects sensitive personal data such as birth date, time, gender, and birthplace, and may steer users into pseudoscientific advice without explicit consent.

Natural-Language Policy Violations

Medium
Confidence: 85%
Finding
The skill is written entirely in Chinese and assumes Chinese-language interaction without providing a language negotiation step or fallback behavior. This can cause users to misunderstand what data is being requested, what the skill does, or what limitations apply, especially when the skill asks for sensitive personal information and presents interpretive guidance.

Missing User Warnings

Medium
Confidence: 99%
Finding
The script defaults to sending requests over plain HTTP to a remote IP address, so bearer credentials and user inputs can be intercepted or modified by any attacker with network visibility. In this skill, the transmitted data is especially sensitive and personal, making cleartext transport substantially more dangerous than in a low-sensitivity utility.

Missing User Warnings

High
Confidence: 99%
Finding
The script defaults to sending requests over plain HTTP to a remote IP address, so bearer credentials and user inputs can be intercepted or modified by any attacker with network visibility. In this skill, the transmitted data is especially sensitive and personal, making cleartext transport substantially more dangerous than in a low-sensitivity utility.

VirusTotal

66/66 vendors flagged this skill as clean.
