编程政策查找 (Programming Policy Lookup)

Security checks across malware telemetry and agentic risk

Overview

The skill's stated purpose, a policy-lookup helper that sends queries to the DeepSeek API, is coherent, but the bundled script embeds a plaintext DeepSeek API key and hardcodes local Windows paths at which it overwrites and deletes files.

Review before installing. Do not use the bundled DeepSeek API key: treat it as compromised, revoke it, and replace it with a user-supplied secret read from an environment variable or a secret manager. Before running the script, change the hardcoded Windows paths and confirm that overwriting 政策.csv (policy.csv) and deleting 进度.txt (progress.txt) are acceptable in your environment.
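The remediation above in working form, as an added example that is not the skill's own code: the key is read from the environment and never from a literal, both artifact paths are derived from one operator-chosen directory instead of a fixed desktop path, and the overwrite and delete steps refuse to act without an explicit opt-in. The variable name DEEPSEEK_API_KEY and the demo directory layout are assumptions; only the two file names come from the page.

```python
"""Hardened key and path handling for the policy-lookup skill.

Added example, not the skill's code.  Assumptions: the skill is a Python
script, the environment variable name DEEPSEEK_API_KEY is our choice, and the
two artifact file names are the ones the scan report mentions.
"""
import csv
import os
import tempfile
from pathlib import Path

ENV_VAR = "DEEPSEEK_API_KEY"   # assumed variable name
RESULTS_NAME = "政策.csv"       # results file named in the report
PROGRESS_NAME = "进度.txt"      # progress file named in the report


def load_api_key(env=None):
    """Return the API key from the environment, never from the script.

    Fails closed: a missing or blank value raises instead of silently falling
    back to a bundled literal, which is the pattern the scan flagged.
    """
    env = os.environ if env is None else env
    key = (env.get(ENV_VAR) or "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to run with a bundled key")
    return key


def key_load_error(env):
    """Helper for checks: the error message, or None when loading succeeds."""
    try:
        load_api_key(env)
        return None
    except RuntimeError as exc:
        return str(exc)


def resolve_paths(work_dir):
    """Derive both artifact paths from one operator-chosen directory
    instead of a hardcoded C:\\Users\\...\\Desktop path."""
    base = Path(work_dir).expanduser().resolve()
    if not base.is_dir():
        raise FileNotFoundError(f"work dir does not exist: {base}")
    return base / RESULTS_NAME, base / PROGRESS_NAME


def write_results(path, rows, overwrite=False):
    """Write rows to the results CSV, refusing to clobber an existing file
    unless the caller opted in.  Returns True if written, False if skipped."""
    path = Path(path)
    if path.exists() and not overwrite:
        return False
    with path.open("w", newline="", encoding="utf-8") as fh:
        csv.writer(fh).writerows(rows)
    return True


def reset_progress(path, confirm=False):
    """Delete the progress file only with explicit confirmation.
    Returns True if deleted, False if kept or absent."""
    path = Path(path)
    if not path.exists() or not confirm:
        return False
    path.unlink()
    return True


def demo():
    """Exercise the guards in a temporary directory and report each outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        results, progress = resolve_paths(tmp)
        progress.write_text("3\n", encoding="utf-8")   # constructed progress state
        rows = [["query", "answer"], ["q1", "a1"]]     # constructed rows
        first = write_results(results, rows)            # new file: written
        second = write_results(results, rows)           # exists: refused
        forced = write_results(results, rows, overwrite=True)
        kept = reset_progress(progress)                 # no confirm: kept
        deleted = reset_progress(progress, confirm=True)
        return {
            "first_write": first,
            "refused_overwrite": not second,
            "forced_overwrite": forced,
            "kept_without_confirm": not kept,
            "deleted_with_confirm": deleted,
            "progress_gone": not progress.exists(),
        }


if __name__ == "__main__":
    print(key_load_error({}))
    print(demo())
```

Run the script once with the variable unset to confirm it refuses to start; a skill that keeps working after the bundled key is removed still has a fallback literal somewhere.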

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86%
Finding
The skill declares no permissions even though its documented behavior includes local file reads and writes and outbound network access. Users and calling agents therefore cannot assess what the skill will do before execution, which undermines informed consent and any policy enforcement around data access and exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93%
Finding
The documented purpose sounds like a policy-query helper, but the described behavior includes hardcoded credentials, fixed desktop file access, persistent local output and progress files, and unattended batch processing. This mismatch can lead operators to run the skill under false assumptions, resulting in unintended data exposure, unauthorized filesystem access, and uncontrolled external API usage.

Context-Inappropriate Capability

High
Confidence
99%
Finding
The skill documentation contains a plaintext DeepSeek API key directly in the file. Anyone with access to the skill can reuse the credential for unauthorized API calls, incur charges, exhaust quotas, or impersonate the owner's usage.

Missing User Warnings

High
Confidence
99%
Finding
The hardcoded API key comes with no warning or safe-handling guidance, so a live credential is exposed to every reader of the skill. Without such guidance, users are more likely to copy, store, or redistribute the key insecurely, compounding the credential-compromise risk.

Missing User Warnings

Medium
Confidence
90%
Finding
The documentation does not clearly warn users that running the skill transmits data to an external service and writes result and progress files locally. Users may therefore expose sensitive query content to a third party, or leave sensitive artifacts on disk, without consent or retention controls.

Missing User Warnings

High
Confidence
99%
Finding
A live API key is hardcoded in the script and used for outbound requests. If the skill file is shared, logged, or committed to a repository, the credential can be stolen and abused for unauthorized API usage, billing fraud, or access under the owner's identity. In an agent-skill context the exposure is wider still, because skills are routinely distributed to and inspected by multiple parties.

Ssd 3

High
Confidence
99%
Finding
A plaintext API key in skill documentation is a direct secret exposure. Attackers or unauthorized users can consume the API under the owner's account, causing billing loss, service abuse, and reputational damage.
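The three recurring findings above (an embedded key, hardcoded desktop paths, and capabilities the skill never declares) can be checked before installation with a small static pass over the skill file. The checker below is an added example, not SkillSpector or the skill's code. It assumes the skill is a Python script and that DeepSeek keys carry an "sk-" prefix (an assumption, not something the page states); the sample skill text is constructed for this demo and its key is fake. It goes slightly beyond the page by also distinguishing placeholder keys from real-looking ones with a Shannon-entropy threshold.

```python
"""Pre-install static check for an agent skill: embedded keys, hardcoded
Windows paths, and undeclared capabilities.

Added example, not SkillSpector's or the skill's code.  Assumptions: the skill
is Python, DeepSeek keys start with "sk-", and the sample below is constructed
with a fake key and fake paths.
"""
import math
import re
from collections import Counter

# Constructed sample skill; the key is fake and only follows the assumed prefix.
SAMPLE_SKILL = r'''
import os, requests
API_KEY = "sk-c3f1a9e4b7d2068f5a1c9e2b4d7f0a3c"
INPUT = r"C:\Users\alice\Desktop\政策\input.txt"
OUT = r"C:\Users\alice\Desktop\政策.csv"
PROGRESS = r"C:\Users\alice\Desktop\进度.txt"
resp = requests.post("https://api.deepseek.com/chat/completions",
                     headers={"Authorization": f"Bearer {API_KEY}"}, json={})
open(OUT, "w").write(resp.text)
os.remove(PROGRESS)
'''

KEY_RE = re.compile(r'["\'](sk-[A-Za-z0-9]{20,})["\']')       # assumed key prefix
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\"\']+\\)*[^\\"\']+')   # C:\...\file
CAPABILITY_RE = {
    "network:outbound": re.compile(r'\b(requests\.(get|post|put)|urllib\.request|httpx\.)'),
    "fs:write": re.compile(r'open\([^)]*["\'][wa]b?["\']'),
    "fs:delete": re.compile(r'\bos\.(remove|unlink)\(|\.unlink\('),
    "env:read": re.compile(r'os\.environ|os\.getenv'),
}


def shannon_entropy(s):
    """Bits per character; generated keys sit well above placeholders."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_secrets(text):
    """Quoted sk- tokens whose body looks generated, not a placeholder such as
    "sk-xxxxxxxx..." (entropy near zero)."""
    return [m.group(1) for m in KEY_RE.finditer(text)
            if shannon_entropy(m.group(1)[3:]) > 3.0]


def find_hardcoded_paths(text):
    """Absolute Windows paths baked into the source."""
    return sorted(set(WIN_PATH_RE.findall(text)))


def observed_capabilities(text):
    """Capabilities the code actually exercises, by call pattern."""
    return sorted(name for name, rx in CAPABILITY_RE.items() if rx.search(text))


def scan_skill(text, declared):
    """Compare observed behavior with the declared permission list (the
    least-privilege finding) and return a report dict."""
    secrets = find_secrets(text)
    observed = observed_capabilities(text)
    undeclared = [c for c in observed if c not in set(declared)]
    return {
        "secrets": secrets,
        "hardcoded_paths": find_hardcoded_paths(text),
        "observed": observed,
        "undeclared": undeclared,
        "block_install": bool(secrets or undeclared),
    }


if __name__ == "__main__":
    report = scan_skill(SAMPLE_SKILL, declared=[])
    for key, value in report.items():
        print(f"{key}: {value}")
```

A skill that passes this check is not thereby safe; the check only confirms that the specific defects the scan reported (bundled key, fixed paths, undeclared file and network access) are absent from the source as written.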

VirusTotal

None of the 65 VirusTotal vendors flagged this skill as malicious (0/65 detections). Antivirus engines look for known malware, not for embedded credentials or undeclared file and network access, so this result does not offset the findings above.