Dtc Report

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real DTC business report generator, but it handles sensitive financial/customer spreadsheets with weak scoping and generates reports that can be misleading or load remote JavaScript.

Install only if you intend this skill to read the specified local DTC business-data workspace and produce reports containing customer names, sales rankings, revenue, profit, and loss-customer details. Review the source paths and generated HTML before sharing, avoid opening reports in sensitive environments unless the remote Chart.js dependency is removed or pinned, and treat the financial calculations as requiring validation before business decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (14)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The document defines opposite scaling directions for partial-month D-segment revenue/gross profit: earlier sections and examples upscale actuals to a full-month estimate using total_days / elapsed_days, while the later rule table uses actual_days / month_days, which downscales them. In a financial reporting skill, this inconsistency can systematically distort revenue, gross profit, achievement rates, and downstream AI-generated conclusions depending on which section an implementation follows.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The module reads detailed local Excel workbooks containing customer-level revenue data from a hard-coded user directory and surfaces customer-specific declines in the generated analysis. That expands data access beyond high-level report generation into sensitive underlying records, increasing privacy and data-minimization risk if the skill is run in environments with broader filesystem access than users expect.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The HTML footer hard-codes the statement '本期(2026 Q1)收入贡献' even though the data path accepts an arbitrary period parameter and can analyze other periods. This can silently mislabel generated reports, causing decision-makers to trust incorrect time-context for revenue analysis; in a business reporting skill, integrity of reported period labels is security-relevant because it can mislead downstream approvals or financial decisions.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The report appendix states that unfinished-month data will be prorated or estimated, but the implementation explicitly disables that logic and uses raw values instead. This creates a data integrity vulnerability: decision-makers may rely on materially incorrect or misleading business figures because the report documents controls and calculations that are not actually applied.

Intent-Code Divergence

Severity: Low
Confidence: 92%
Finding
The report hardcodes a data cutoff date of '2026 年 3 月 30 日' even though the script accepts arbitrary periods and reads files dynamically. This can misrepresent data freshness and completeness, causing readers to trust stale or incomplete analysis under a false timestamp.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The function claims to read budget data from an Excel source but actually returns hard-coded values. In a financial reporting skill, this can silently produce materially incorrect reports when the source budget changes, undermining report integrity and decision-making.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The code comments say incomplete-month D-segment revenue/profit should be extrapolated by days, but the implementation multiplies by end_day/31, which reduces partial-month values instead of scaling them up. This creates systematically understated financial results and can mislead downstream business analysis or management decisions.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The appendix documents one D-segment adjustment rule while the main report logic later applies a blanket 31/30 uplift to all current-month revenue and profit fields. In a reporting tool, contradictory transformation rules are dangerous because they can lead to double-adjustment or inconsistent totals that appear authoritative to users.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill metadata and flow suggest automated extraction from source systems, but the main routine injects manually hard-coded budget and month-over-month values. This can conceal stale or fabricated inputs inside an apparently automated pipeline, causing users to trust inaccurate outputs.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The function is documented and named as if it reads both revenue and gross profit budget data from the Excel source, but it instead fabricates gross profit by applying a hard-coded 6% margin. In a financial reporting skill, this can silently produce materially inaccurate management reports and mislead downstream decision-making because users will reasonably trust the output as sourced budget data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The report loads Chart.js from a third-party CDN at render time, which creates an unnecessary external trust and network dependency for a local business report. If the CDN content is tampered with, unavailable, or blocked, opening the report could execute untrusted JavaScript or fail to render correctly, which is especially inappropriate for an internal report containing sensitive operational data.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The trigger phrase '看看 DTC 的经营情况' is broad and conversational, which increases the chance of accidental invocation when a user is merely asking for general discussion rather than requesting report generation. In a skill that performs data retrieval and report generation with file I/O, unintended triggering can expose internal business data or launch unnecessary processing without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The code accesses local Excel files with customer and business data without any explicit user-facing notice, consent, or runtime disclosure. In a report-generation skill, silent collection of detailed local records can violate user expectations and organizational data-handling requirements, especially because the path targets a specific local workspace.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The code hard-codes a specific local Windows path under a user profile and automatically reads matching Excel files from it. This can expose sensitive business data unexpectedly, couples execution to one operator's environment, and may disclose filesystem structure or cause unauthorized local data access when the skill runs in a broader agent context.

VirusTotal

65/65 vendors flagged this skill as clean.
