hourly-report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it can silently send invented order and revenue numbers as live business reports, including in API mode after a data-source failure.

Review carefully before installing. Use API mode only if you accept that transaction API failures may produce fabricated revenue and order numbers unless the code is changed. Do not use crawl-mode transaction metrics for real operational or financial decisions. Pass webhooks and client secrets through environment variables or a protected config file instead of shell command arguments, and rotate any credential that may have been exposed in shell history or process listings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
In crawl mode, the code explicitly fabricates orders, GMV, and conversion rate using random numbers, yet later formats and sends them as normal business metrics. This creates materially false reporting that can mislead operators into making commercial or operational decisions based on invented data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill promises hourly live-stream reporting, but this code path returns random simulated transaction data instead of actual measurements. Because the downstream report presents these numbers without a warning, recipients may trust fabricated KPIs as real performance data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
When API-based transaction retrieval fails, the code silently falls back to invented random order and GMV values rather than surfacing an error. This is dangerous because transient outages or auth problems will produce plausible-looking but false reports, undermining data integrity and trust.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to pass sensitive values such as DingTalk webhooks, Client Key, and Client Secret directly on the command line, but does not warn that these secrets can be exposed through shell history, process listings, logs, screenshots, or shared terminals. Because the skill is designed for unattended scheduled execution, long-lived credential exposure is more dangerous in this context than in a one-off local script.

VirusTotal

65/65 vendors flagged this skill as clean.
