ClawHub

代码文档更新服务

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill may provide documentation lookup, but it mixes a Context7 description with XiaoBenYang/Gaokao credential handling and stores an API key locally, so it needs review before installation.

Install only if you understand that the skill will ask for a XiaoBenYang API key, save it in a local .env file, and send requests to mcp.xiaobenyang.com. Review or revise the skill first if you expected a direct Context7 integration or do not want plaintext credential storage.

SkillSpector (8)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions while its documented behavior clearly involves reading environment variables, writing an API key to local configuration, and making network calls. This creates a transparency and consent problem: users and hosting platforms cannot accurately assess what sensitive operations the skill will perform, especially around credential handling and outbound communication.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill presents itself as a Context7 documentation service, but the content indicates credential collection and persistence tied to a different XiaoBenYang backend and even references a gaokao-oriented project structure. This mismatch can mislead users into disclosing API keys to an unexpected service and undermines trust boundaries about where data is sent.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The workflow example references an unrelated school-search function, indicating copy-paste contamination and unreliable operational guidance. In a security-sensitive skill, contradictory instructions increase the chance of incorrect tool routing, unintended data access, or calling functions with the wrong purpose or parameters.

Intent-Code Divergence

Low
Confidence
78% confidence
Finding
Instructing the agent to directly display raw API responses can expose unfiltered upstream content, including unexpected metadata, internal identifiers, error details, or sensitive fields returned by the backend. This is particularly risky when the service identity is already ambiguous, because users may receive data that has not been validated or sanitized for safe presentation.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The API key source and project structure point to a XiaoBenYang gaokao service rather than the advertised documentation-updating function, which strongly suggests the skill is misidentified or repurposed. This can cause users to provide credentials under false assumptions and can route queries or secrets to an unrelated external system.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file implements configuration and API-key persistence for an unrelated '高考' service despite the declared skill being a code-documentation update service. This mismatch is dangerous because it introduces hidden credential handling and a separate external endpoint, increasing the risk of unauthorized data flow, user confusion, and covert exfiltration pathways within a skill that should not need such secrets.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill can write, modify, and persist an API key to a local .env file even though that capability is not necessary for a documentation lookup service. Unnecessary secret persistence increases exposure to local compromise, accidental source control inclusion, and stealthy reuse of credentials by other code in the same environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Persisting an API key to .env without an explicit user-facing warning or consent mechanism can cause users to unknowingly leave credentials on disk in plaintext. Plaintext secret storage is especially risky in development environments where files may be backed up, shared, or accidentally committed to source control.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal