ClawHub

围棋选手信息查询

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Go player lookup skill, but it sends searched names to external sites and may leave temporary browser state on disk.

Install only if you are comfortable with searched player names being sent to dzqzd.com and yichafen.com and with Playwright/Chromium running locally. Avoid sensitive personal lookups, and clear /tmp/yichafen_browser_data and /tmp/yichafen_state.json if local browser-state retention matters on your machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs use of network access, shell commands, Playwright automation, and implicitly file operations via local scripts, but it does not declare corresponding permissions or capability boundaries. This creates a mismatch between the advertised trust model and actual execution behavior, increasing the risk of unexpected network activity, browser automation against third-party sites, or unsafe local execution without user awareness.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script stores Playwright profile/session artifacts and state files in predictable world-accessible temporary paths under /tmp. On multi-user systems, this can expose cookies, browsing state, or query history to other local users or enable tampering via symlink/race attacks, especially because the code does not set restrictive permissions or warn users that data is written to disk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script submits user-provided names to a third-party website, which is a privacy and data-handling risk because the queried names may be personal data and users are not clearly informed that their input leaves the local environment. In an agent skill context, this is more dangerous because users may assume the assistant is performing a local lookup rather than transmitting identifiers to an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Batch mode launches a persistent browser context backed by disk storage, causing multiple users' queries and session data to accumulate on disk across runs. This increases privacy exposure and the blast radius of any local compromise because historical searches, cookies, and other browser artifacts may remain accessible or be reused unintentionally.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal