NBA Data Service (NBA数据服务)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to provide NBA data as claimed, but it automatically stores a user API key locally with limited disclosure and has several documentation/configuration inconsistencies users should review before installing.

Install only if you are comfortable giving this skill a XiaoBenYang API key and having it saved in a local .env file. Prefer using a limited-scope or disposable key, monitor usage on the provider side, and remove the saved XBY_APIKEY if you stop using the skill. The artifact does not show destructive behavior or hidden exfiltration, but the credential persistence and documentation inconsistencies warrant careful review.

SkillSpector (13)

By NVIDIA

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The workflow example references an unrelated high-school search function inside an NBA data skill, indicating copy-paste drift or poor documentation hygiene. Such inconsistencies can cause the agent to select unintended tools or developers to wire the wrong backend, increasing the chance of data leakage, misuse of capabilities, or erroneous remote calls.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file implements credential persistence and retrieval logic for an API key, including writing secrets to a local .env file and updating process environment variables. That behavior is not clearly justified by the stated NBA data service purpose and expands the attack surface by storing sensitive material locally where it may be exposed through logs, source packaging, backups, or accidental commits.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code provides local secret-storage capability by writing XBY_APIKEY directly into .env, even though the described functionality is NBA data retrieval rather than credential management. Unnecessary secret storage increases the chance of credential leakage via filesystem access, backups, debugging artifacts, or accidental inclusion in repositories.

Intent-Code Divergence

Low
Confidence
72% confidence
Finding
The configuration declares an env_prefix of XBY_GAOKAO_ but the later code manually reads and writes XBY_APIKEY instead, creating inconsistent secret-loading behavior. This mismatch can cause operators to misunderstand which variable is authoritative, leading to misconfiguration, unexpected secret sourcing, and accidental exposure or policy bypass.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to collect an API key from the user and save it locally without warning about persistence, scope, retention, or who can access the stored secret. In a skill context, this creates a meaningful risk of credential mishandling, especially because the key is written to a local .env and then used for network operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function persists an API key to .env automatically without any user-facing confirmation, warning, or indication of storage location. Silent secret persistence is risky because users may assume the credential is ephemeral while it actually remains on disk and may later be exposed through local compromise or operational mistakes.

Ssd 3

Medium
Confidence
91% confidence
Finding
The instruction to directly display raw API responses encourages unfiltered disclosure of whatever the upstream service returns. In this skill, that could include server/runtime settings, identifiers, echoed request data, or other sensitive fields, and bypasses any redaction or validation step before showing content to the user.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
93% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
93% confidence
Finding
pydantic>=2.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
91% confidence
Finding
pydantic-settings>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
92% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
requests

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
80% confidence
Finding
pydantic

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
