c刊期刊分析 (C-journal analysis)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CNKI journal-analysis tool that collects journal article metadata, analyzes it locally, and generates a Word report, with no evidence of hidden persistence, credential theft, or destructive behavior.

Install only if you are comfortable with CNKI browser automation and local report generation. Run the pip dependencies in a virtual environment, supervise the CNKI session and verification steps, and choose or check the output folder before creating reports that may contain research metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs reading a local reference file (`references/journal_codes.md`) but does not declare the corresponding permission. Undeclared file access weakens transparency and permission boundaries, and in agent environments it can normalize broader local-file reads than users or platform policy expect.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill tells the agent to install Python packages with `pip3`, introducing package-management and supply-chain risk beyond what a journal-analysis skill strictly needs at runtime. Installing packages dynamically can modify the host environment, pull unpinned third-party code, and create a path to arbitrary code execution through compromised or unexpected dependencies.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
Directing execution of a local script (`scripts/analyze_journal.py`) expands the skill from data collection to arbitrary local code execution. In an agent setting, invoking local scripts without explicit permission controls, code provenance checks, or sandboxing can be abused to run unintended code or process attacker-influenced inputs unsafely.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill instructs saving a Word report directly into the user's `~/Downloads` folder without explicit consent at the moment of file creation. Unprompted local file writes can surprise users, overwrite expected artifacts, leak sensitive derived data into a broadly accessible folder, and set a precedent for unauthorized persistence on the host.

VirusTotal

66/66 vendors flagged this skill as clean.
