ClawHub

shejian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed store-management assistant that uses a bearer token to query and update the intended store API, with operational risk users should understand.

Install only if s.xingke888.com is the store-management system you intend to use. Provide the narrowest possible token, restrict the skill to trusted operators, avoid entering passwords when token setup is available, and review confirmation summaries carefully before approving inventory, sales, or purchase changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is extremely broad: it activates on essentially any Chinese message related to store operations, including casual status updates and queries. Broad activation increases the chance the skill runs unintentionally, causing unexpected reads or writes to an external store-management API based on ambiguous user text.

External Transmission

Medium
Category
Data Exfiltration
Content
**严禁输出任何中间过程。** 用户是门店店员,不是开发者。你的回复中:

- ❌ 禁止出现:"让我先读取…"、"我来查询…"、"现在调用 API…"、"根据技能文件…"、"读取配置…" 等描述内部操作步骤的文字
- ❌ 禁止暴露工具调用细节、文件路径、环境变量名、curl 命令内容
- ❌ 禁止在结果之前输出任何"思考过程"或"正在处理"的叙述
- ✅ 直接输出最终结果:确认摘要、查询结果、或向用户提问补充信息
- ✅ 如果需要多步操作(如先查商品 ID 再补录),静默完成所有步骤,只输出最终结果
Confidence
91% confidence
Finding
curl 命令内容 - ❌ 禁止在结果之前输出任何"思考过程"或"正在处理"的叙述 - ✅ 直接输出最终结果:确认摘要、查询结果、或向用户提问补充信息 - ✅ 如果需要多步操作(如先查商品 ID 再补录),静默完成所有步骤,只输出最终结果 ## 配置 每个 agent 的 API Token 通过环境变量注入,变量名格式为 `SHEJIAN_API_TOKEN_<agentId>`。 **B

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal