Enterprise Pension Query Skill (企业年金查询技能)

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent company pension search tool, but it needs review because its scripts write report and log files to paths built from unsanitized, user-supplied company names.

Review before installing. Use it only for public-source company pension research, and avoid sensitive or confidential target names unless you trust the configured search provider, since every name is sent to that provider. Do not run it with company names or batch entries containing slashes, '..', or other path-like characters. Treat generated reports as templates that require manual verification, and clear saved reports and cache when the investigation should not persist locally.
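The pre-check a practitioner would want before feeding company names or batch entries to such a script, as an added example in Python that is not part of the skill's own code (the skill's scripts are not shown on this page). `check_company_name`, `safe_report_path`, `check_batch` and the deliberately weak `vulnerable_report_path` are hypothetical names; the `./reports` directory and the batch entries are constructed for the demonstration.

```python
import re
import unicodedata
from pathlib import Path

# Sequences that must never appear in a name that becomes part of a path:
# forward/back slashes, NUL and other ASCII control characters, and "..".
_PATH_LIKE = re.compile(r"[\\/\x00-\x1f\x7f]|\.\.")
# Anything that is not a Unicode letter, digit or underscore collapses to "_",
# so Chinese company names stay readable while punctuation is neutralised.
_NON_WORD = re.compile(r"\W+")
_MAX_LEN = 64


class UnsafeCompanyName(ValueError):
    """Raised for a company name that must not be used to build a path."""


def vulnerable_report_path(base_dir: str, company: str) -> Path:
    """The pattern the overview warns about: the raw name is spliced into the path."""
    return Path(base_dir) / f"{company}_report.md"


def is_within(base_dir: str, path: Path) -> bool:
    """True if `path` resolves to base_dir itself or somewhere beneath it."""
    base = Path(base_dir).resolve()
    resolved = path.resolve()
    return resolved == base or base in resolved.parents


def check_company_name(company: str) -> str:
    """Pre-check for a single name or a batch entry; raises on path-like input.

    NFKC normalisation runs first so fullwidth lookalikes such as U+FF0F
    (fullwidth solidus) fold to the ASCII characters the regex rejects.
    """
    if not isinstance(company, str):
        raise UnsafeCompanyName("company name must be a string")
    name = unicodedata.normalize("NFKC", company).strip()
    if not name:
        raise UnsafeCompanyName("empty company name")
    if _PATH_LIKE.search(name):
        raise UnsafeCompanyName(f"path-like characters in {company!r}")
    if len(name) > _MAX_LEN:
        raise UnsafeCompanyName(f"company name longer than {_MAX_LEN} characters")
    return name


def safe_report_path(base_dir: str, company: str) -> Path:
    """Build the report path from a slug and verify it stays under base_dir."""
    name = check_company_name(company)
    slug = _NON_WORD.sub("_", name).strip("_") or "unnamed"
    base = Path(base_dir).resolve()
    target = (base / f"{slug}_report.md").resolve()
    # Defence in depth: the slug cannot contain separators, but verify the
    # resolved path anyway before anything is written.
    if base not in target.parents:
        raise UnsafeCompanyName(f"resolved path {target} escapes {base}")
    return target


def check_batch(entries):
    """Split batch entries into accepted names and (entry, reason) rejections."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            accepted.append(check_company_name(entry))
        except UnsafeCompanyName as exc:
            rejected.append((entry, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed batch: two ordinary names plus three path-like entries.
    batch = [
        "中国平安人寿保险股份有限公司",
        "Foo Bar & Sons",
        "../../etc/cron.d/x",
        "ＡＢＣ／ｘ",  # fullwidth solidus, folded to "/" by NFKC
        "reports/../secret",
    ]
    ok, bad = check_batch(batch)
    for name in ok:
        print("accepted:", safe_report_path("./reports", name))
    for entry, reason in bad:
        print("rejected:", entry, "->", reason)
    # The vulnerable builder happily escapes the reports directory.
    escaped = vulnerable_report_path("./reports", "../../etc/cron.d/x")
    print("vulnerable path inside reports dir?", is_within("./reports", escaped))
```

The slug step keeps the name readable in the filename; the containment check on the resolved path is what actually stops a report or log landing outside the reports directory, and it costs nothing even when the slug already looks safe.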

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium, 98% confidence
Finding
The script generates a report template whose text asserts specific investigative methods, external-source verification, confidence levels, and conclusions, but the script itself only writes static markdown and substitutes placeholders; none of those claims are produced by the code. This can mislead users into trusting fabricated due-diligence output, creating an integrity and decision-making risk, especially if the report is later shared as if it were evidence-backed.

Vague Triggers

Medium, 88% confidence
Finding
Overly broad trigger phrases, such as general welfare or benefits queries, can cause the skill to activate on unintended requests. Unintended activation is more sensitive for this skill because its documented behavior includes external searches and report generation, so a stray match can lead to unnecessary data collection, network activity, and local file writes without clear user intent.

Missing User Warnings

Medium, 91% confidence
Finding
The skill describes generating and auto-saving investigation reports to local paths, but does not prominently disclose this side effect before use. This is dangerous because users may unintentionally persist potentially sensitive company research, query history, or collected source data on disk, especially in shared or monitored environments.

Vague Triggers

Medium, 95% confidence
Finding
Several triggers such as broad welfare/investigation phrases can match ordinary user requests that are not specifically about pension lookup, causing the skill to activate unexpectedly. In an agent system, overbroad activation can route unrelated user data or tasks into this skill, leading to inappropriate data collection, misleading responses, or unintended external searches.

Missing User Warnings

Medium, 90% confidence
Finding
The script sends user-supplied company names and related profiling queries to external search services such as Tavily or SearXNG without any explicit consent, warning, or data-handling notice. In an agent/skill context, this can leak sensitive investigative targets, internal interest, or confidential organization names to third parties and local linked skills outside the user's awareness.

VirusTotal

64 of 64 vendors reported this skill as clean.
