Market Research Analysis Assistant (市场调研分析助手)

Security checks across malware telemetry and agentic risk

Overview

This market-research skill is purpose-aligned and disclosed, but users should know it may send research topics to third-party search and news sites when live retrieval is used.

Install only if you are comfortable with a research helper making live web requests to RSS/news sites, search engines, and result pages. Do not use confidential market plans, internal project names, or proprietary research topics unless you accept that those queries may be sent to third-party services. Use the fallback crawler and its -o file output intentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'href' from requests.get (line 100, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# Baidu search results need the real URL to be resolved
if 'baidu.com' in href and 'http' not in href:
    try:
        # Follows redirects; the landing URL of the response replaces the raw href
        resp = requests.get(href, headers=HEADERS, timeout=5, allow_redirects=True)
        href = resp.url
    except requests.RequestException:
        # Network errors are swallowed and the original href is kept
        pass
Confidence
93% confidence
Finding
resp = requests.get(href, headers=HEADERS, timeout=5, allow_redirects=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, yet it instructs the agent to use network access and to run a Python crawler that can write JSON output files. This creates a capability/permission mismatch that can bypass user expectations and platform governance, especially because the fallback path explicitly performs external fetching and filesystem writes.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger description is broad enough to activate on common requests like industry analysis or business feasibility, which can cause the skill to run in situations the user did not specifically intend. In this skill, that matters because activation can lead to external web fetching or even crawler-script execution, increasing the chance of unanticipated data access or side effects.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly describes running a crawler script, performing search-engine queries, scraping pages, and optionally saving output to disk, but provides no user-facing warning or consent step. This is dangerous because it can cause hidden external requests and local filesystem changes, which may expose user context, create unexpected artifacts, or violate least-surprise expectations.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The tool performs live searches using user-provided queries and then fetches third-party pages, which can expose sensitive research topics, internal project names, or proprietary market interests to external services. In this skill context, that behavior is central to the feature, but the absence of an explicit warning, consent boundary, or safeguards makes accidental data disclosure and retrieval of unsafe/untrusted content more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
