智能会话分析 (Intelligent Conversation Analysis)

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised Alibaba Cloud conversation analysis, but it needs review because it can use local cloud credentials, sends sensitive conversations to a third party, and documents an under-bounded background polling flow.

Review before installing if you handle customer, financial, health, or regulated conversations. Use a dedicated least-privilege Alibaba Cloud RAM credential, avoid broad ContactCenterAI:* permissions where possible, keep sensitive data minimized or redacted, and supervise or disable the async cron polling flow unless you can bound retries and cancel pending checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill explicitly searches for and loads .env files from multiple relative paths and then reads Alibaba Cloud credentials from environment variables. For a conversation-analysis skill this creates implicit secret ingestion behavior that is broader than minimally necessary and can cause accidental use of developer or host credentials without clear user awareness or isolation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to send conversation text or audio URLs to Alibaba Cloud for analysis but does not require an explicit user-facing disclosure or consent step before transmitting potentially sensitive customer-service data. Because the data may include personal, confidential, or regulated information, silent transfer to a third-party cloud service creates a real privacy and compliance risk, especially in a conversation-analysis context.

Missing User Warnings

Medium
Confidence: 91%
Finding
The code accesses cloud credentials from environment variables and local .env files without any user-facing disclosure or consent flow. In an agent skill context, silent secret consumption is risky because operators may not realize the skill can use host-level credentials to call external services on their behalf.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill sends user-supplied dialogue or audio URLs to an external Alibaba Cloud endpoint, but the provided skill metadata does not clearly disclose outbound data transfer. Because the input may contain sensitive call transcripts, silent transmission to a third-party cloud service raises confidentiality and compliance concerns.

VirusTotal

64/64 vendors flagged this skill as clean.