行业情报助手 (Industry Intelligence Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned with automated intelligence reporting, but it needs Review: its scheduling script builds a command string from formatted input and runs it with shell=True, which may allow shell command injection, and its persistent external delivery behavior is under-scoped.

Install only if you are comfortable with a local automation skill that can read an API key, create recurring jobs, write reports, and send report contents to configured channels. Before use, review and patch the scheduling script, confirm every destination channel, avoid sensitive queries, keep the Tavily key in a secret store or environment variable rather than in the configuration file, and know how to list and remove the recurring job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f'--enabled'
    )
    print(f"Running command: {cmd}")
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result
Confidence
99% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
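The flagged line hands a formatted string to /bin/sh, so any value that reaches the string (a topic, a channel name) is parsed by the shell, not by the report script. The following is an added example, not the skill's own code, showing the finding's pattern beside the fix a reviewer would apply: pass an argument vector with shell=False and reject topics that do not look like topics. The report script is replaced here by a constructed Python one-liner that echoes its argv as JSON, and the `--topic` option and the injected topic string are assumptions for illustration; the real script's options are not on the page.

```python
import json
import shlex
import subprocess
import sys
from typing import List

# Stand-in for the skill's report script (constructed for this example): a
# Python one-liner that prints the arguments it received as JSON, so we can
# see exactly how the topic arrived in the child process.
REPORT_SCRIPT = [sys.executable, "-c",
                 "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Constructed topic: a shell metacharacter followed by a second command.
INJECTED_TOPIC = "semiconductors; echo INJECTED"


def build_command_vulnerable(topic: str, enabled: bool) -> str:
    """The pattern in the finding: one string destined for shell=True.

    Only the script path is quoted; the user-controlled topic is pasted in raw.
    """
    script = " ".join(shlex.quote(a) for a in REPORT_SCRIPT)
    flag = "--enabled" if enabled else "--disabled"
    return f"{script} --topic {topic} {flag}"


def run_vulnerable(topic: str, enabled: bool = True) -> str:
    """Runs through the POSIX shell exactly as the finding's line does."""
    cmd = build_command_vulnerable(topic, enabled)
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def shell_view(cmd: str) -> List[str]:
    """How a POSIX shell tokenises cmd: ';', '|', '&' become their own tokens."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def is_acceptable_topic(topic: str) -> bool:
    """Allow-list style check: non-empty, bounded, no control chars, not an option."""
    if not topic or len(topic) > 200:
        return False
    if any(c in topic for c in "\0\n\r"):
        return False
    return not topic.startswith("-")


def build_argv_hardened(topic: str, enabled: bool) -> List[str]:
    """Argument vector with no shell in the path.

    Each element is one argv entry, so metacharacters in topic are inert;
    the check above still rejects values the script would never need.
    """
    if not is_acceptable_topic(topic):
        raise ValueError("rejected topic")
    flag = "--enabled" if enabled else "--disabled"
    return [*REPORT_SCRIPT, "--topic", topic, flag]


def run_hardened(topic: str, enabled: bool = True) -> List[str]:
    """shell=False (the default): returns the argv the child actually saw."""
    proc = subprocess.run(build_argv_hardened(topic, enabled),
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    cmd = build_command_vulnerable(INJECTED_TOPIC, True)
    print("shell sees:", shell_view(cmd))
    print("vulnerable output:\n" + run_vulnerable(INJECTED_TOPIC))
    print("hardened argv:", run_hardened(INJECTED_TOPIC))
```

In the vulnerable run the child script only ever sees `--topic semiconductors`; the `--enabled` flag ends up as an argument to the injected `echo`, which is also what a reviewer should expect from the skill's real script if a topic containing `;` is scheduled. In the hardened run the whole injected string arrives as a single argv element and nothing else executes.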

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs users to run shell-based scripts that read environment secrets, write report files, and create scheduled automation, yet it declares no corresponding permissions. This mismatch can cause users or platforms to underestimate the skill's access level, especially because it also supports automated external delivery to collaboration tools.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes automatic report generation, multi-channel delivery, and cron-based recurring tasks without clearly warning that collected content will be sent to enterprise messaging channels and that the job keeps running on a schedule. In this context, that can lead to unintended data dissemination, noisy automation, or persistent exfiltration of sensitive queries and results if users configure internal channels or proprietary monitoring topics.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide instructs users to set a Tavily API key directly in the configuration but does not state that the key is a sensitive secret that must not be exposed, committed to version control, or shared in logs or screenshots. In a skill that automates search and scheduled reporting, a leaked key could be abused for unauthorized API usage, quota exhaustion, billing impact, or access through downstream integrations.

VirusTotal

63/63 vendors flagged this skill as clean.
