ClawHub

OECD数据查询服务

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is presented as an OECD data query service, but it routes requests and an API key through a third-party XiaoBenYang service and stores the key locally, so it needs review before use.

Install only if you intentionally trust XiaoBenYang as the backend for OECD-style queries and are comfortable giving it an API key plus your query parameters. Prefer a version that clearly documents the proxy, avoids saving secrets to .env by default, pins dependencies, and explains how to revoke or remove the stored key.

SkillSpector (15)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises no declared permissions, yet its documented behavior requires environment access, local file reads/writes, and network access to save API keys and call a remote service. This creates a transparency and consent problem: users and hosting platforms cannot accurately assess what the skill can access or modify.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to be an OECD SDMX query service, but the documentation indicates it sends requests to xiaobenyang.com and stores user API keys locally using a generic client tied to another service lineage. This mismatch can mislead users into disclosing credentials and trusting data provenance or handling practices that differ from the stated purpose.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The manifest and title present an OECD SDMX data service, but the workflow references an unrelated Gaokao/Xiaobenyang service and external API-key process. This kind of identity and dependency inconsistency is dangerous because it obscures the true trust boundary and can facilitate credential harvesting or unauthorized third-party data transmission.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documentation says the model only routes requests to tools, but it also mandates collecting a user API key and storing it locally via configuration code. Secret collection and persistence materially increase risk, especially when not prominently disclosed as sensitive handling behavior.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation sends all requests to a generic third-party '小笨羊MCP API' endpoint using an API key and dynamic function headers, rather than directly querying the OECD SDMX API described by the skill. This is a serious integrity and data-exfiltration risk: user queries and parameters intended for OECD data may be routed to an unrelated service, enabling hidden collection, manipulation, or substitution of results under a misleading skill identity.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The docstrings and class naming explicitly describe this as a '小笨羊MCP' client/tool caller, which contradicts the advertised OECD SDMX data service. In a security review context, this mismatch is dangerous because it suggests deliberate misrepresentation of the skill's backend behavior, making it easier to hide unauthorized routing of user requests or deceptive data provenance.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This module implements persistent API key storage in a local .env file, which exceeds the stated behavior of a read-only OECD data query service. Persisting secrets to disk increases the chance of credential leakage through source packaging, backups, logs, misconfigured permissions, or accidental check-in, especially when users may not expect stateful secret storage from this skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code silently persists the API key to .env without any user-facing warning, confirmation, or security notice. This is dangerous because users of a simple data-query skill may not realize their credential is being written to disk, creating unexpected long-term exposure if the working directory is shared or later committed.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
96% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
95% confidence
Finding
pydantic>=2.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
94% confidence
Finding
pydantic-settings>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
95% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
86% confidence
Finding
pydantic

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
73% confidence
Finding
python-dotenv

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal