闲鱼商品精选助手 (Xianyu Product Selection Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Xianyu search helper, but it persistently records detailed shopping searches without clear user consent or cleanup controls.

Review this carefully before installing. Use it only if you are comfortable with Xianyu searches and result links being saved to persistent memory, and look for a way to disable or clear that history. Avoid sensitive purchase searches until the publisher documents opt-in logging, retention, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is described as a search/filter tool but also persists search history, result counts, price ranges, and links into memory files. This expands its effective data-handling scope beyond the core task and creates unnecessary retention of potentially sensitive user interests and transaction-related metadata without clear consent.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Automatic recording of search activity to persistent memory is not required to perform the stated search function and creates an avoidable privacy exposure. If memory files are later accessed by other skills, users, or logs, search behavior and item links could be correlated to profile the user or reveal purchasing intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that search history is automatically written to memory files without an upfront warning, despite including queried products, counts, prices, and item links. This undermines user expectations and can expose sensitive preferences, financial intent, or purchasing plans through silent persistence.

Vague Triggers

Medium
Confidence: 89%
Finding
The activation commands include broad user-facing phrases such as '闲鱼买' and '二手搜索' that can plausibly appear in ordinary conversation, increasing the chance that the skill is invoked unintentionally. In an agent setting, over-broad triggering can cause the skill to intercept unrelated shopping requests, leading to confused execution flow, unintended web actions, or disclosure of user intent to an external marketplace context.

Vague Triggers

Medium
Confidence: 92%
Finding
Regex patterns such as '闲鱼.*找', '闲鱼.*买', and '帮我.*闲鱼' are overly permissive because '.*' can match many natural-language phrases, making accidental activation likely. This is more concerning in this skill because it targets a live marketplace workflow, so false activation could launch searches, apply filters, or shape purchasing-related outputs based on casual user text rather than deliberate invocation.

Ssd 3

Medium
Confidence: 97%
Finding
The skill instructs automatic persistent logging of user search activity and result details without clear minimization, consent, or access boundaries. Persistent storage of product interests and links can reveal user behavior over time and creates downstream exposure if memory files are shared, indexed, or read by other components.

VirusTotal

66/66 vendors flagged this skill as clean.
