keyue-call

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Baidu AIOB outbound-calling helper, but it can place real phone calls and should be used only with clear recipient consent and careful confirmation.

Install only if you trust the Baidu AIOB account and need automated outbound calls. Keep accessKey, secretKey, tokens, phone numbers, and call content out of shared logs or repositories, and confirm the recipient, permission to call, scheduled time, and message content before running or scheduling the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs reading local configuration files and making authenticated outbound network requests, yet no explicit permissions are declared. That mismatch weakens review and consent boundaries: a user or platform may not realize the skill can read stored credentials and place real outbound calls. In this context, the capability is especially sensitive because it can trigger real telephony actions with privacy and cost implications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explains how to use stored AK/SK, access tokens, and default phone numbers to create immediate or scheduled outbound call tasks, but it does not prominently warn that this causes real calls to be placed. Because the skill also allows fallback to a default mobile number in some cases, a user could trigger unexpected calls, disclosure of message content, charges, or privacy harm without fully understanding the consequence.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script immediately obtains credentials, constructs an outbound call request, and submits it to a third-party API without any interactive confirmation, dry-run mode, or explicit safety warning to the operator. In the context of a call-automation skill, this increases the risk of accidental calls, unintended disclosure of phone numbers and dialog variables, and abuse if the script is triggered with untrusted inputs or via automation.

VirusTotal

64/64 vendors flagged this skill as clean.
