yingmi-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a financial-data gateway, but it asks the agent to install and trust an unpinned CLI and to follow child-skill instructions fetched from a remote source at runtime, so users should review it before use.

Install only if you trust Yingmi and the yingmi-skill-cli supply chain. Manually approve npm, sudo, and remote-skill commands; verify the CLI source and version; and avoid entering phone codes, API keys, or detailed household/financial data unless you intend to use this provider for that task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 83%
Finding: The skill instructs the agent to execute shell commands such as version checks, upgrade scripts, and CLI invocations, yet it does not declare permissions or clearly constrain shell use. This creates an unsafe trust boundary: an agent may run local commands with user privileges without an explicit permission model, increasing the risk of unintended command execution or abuse if the skill or its dependencies are modified.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 72%
Finding: The documented purpose focuses on financial data and reporting, but the skill also performs update checks against remote content and bases subsequent behavior on remotely retrieved SKILL metadata. This mismatch can mislead reviewers and users about the actual trust model, and remote metadata retrieval expands the attack surface by introducing supply-chain and prompt-injection risks through externally controlled instructions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal