homework-grade

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it needs Review because it accesses a QQ mailbox, handles untrusted homework archives, and sends code to an AI service without enough scoping or safety controls.

Install only if you are comfortable granting access to the specified QQ mailbox and sending student submissions plus reference answers to an external AI provider. Prefer a dedicated mailbox or app-specific authorization code, run it in an isolated working directory, treat downloaded ZIP files as untrusted, and look for a revised version that sanitizes filenames, validates ZIP contents, narrows mailbox selection, documents AI data handling, pins dependencies, and removes or sandboxes local code execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_code(file_path):
    try:
        result = subprocess.run(
            ["python", file_path],
            capture_output=True,
            text=True,
Confidence
97% confidence
Finding
result = subprocess.run(["python", file_path], capture_output=True, text=True, timeout=5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function sends both student submissions and reference solution code to an external LLM service, which can expose sensitive educational content, unpublished answer keys, or proprietary code to a third party. In this skill context, the issue is more dangerous because the transfer is automatic and there is no visible notice, consent flow, minimization, or policy guard around what code leaves the local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code writes email attachments directly to local disk without any disclosure, consent flow, or validation of the attachment filename. Because the filename comes from untrusted email content, this also creates a path traversal risk where a crafted attachment name could cause files to be written outside the intended downloads directory.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The function accepts email credentials and immediately connects to a remote IMAP server to authenticate and access mailbox contents without any visible disclosure, permission check, or scope limitation. In an agent skill context, silent access to a user's mailbox is sensitive because it can expose private communications and enable unauthorized collection of attachments from unread messages.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill requests mailbox credentials and accesses email attachments, but the documentation does not warn users about the privacy and security implications of granting mailbox access. This can lead to unintended exposure of sensitive emails, attachments, and account access if users do not understand the scope of access being granted.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill describes downloading ZIP files, extracting them, and generating an Excel file, but it does not disclose that these actions modify local filesystem state. Users may be unaware that untrusted archives will be written and extracted locally, increasing the risk of unsafe file handling or accidental overwrites.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The manifest explicitly describes downloading homework from a QQ Mail account and generating an Excel file, but it provides no warning, consent language, or scope limitation around accessing mailbox contents and writing files. This is dangerous because the skill requests sensitive email credentials and performs data access/storage actions that could expose student submissions, personal data, or mailbox contents without clear user awareness or safeguards.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
Confidence
97% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
Confidence
98% confidence
Finding
openpyxl

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
90% confidence
Finding
openpyxl

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
