ClawHub

goverment bidding fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised procurement scraping, but it stores and reuses live site credentials in plaintext with limited safeguards.

Install only if you are comfortable giving this tool live procurement-site bearer tokens and cookies. Avoid pasting real secrets into chat or shell history, run it from a trusted directory, inspect and protect any .env file it creates, be cautious with proxies and generated Excel files, and rotate credentials if they may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The code silently persists refreshed session cookies back to a local .env file, which expands the tool from read-only scraping into credential management. Storing live session material on disk increases the chance of credential leakage through source control, backups, logs, or other local compromise, especially because this happens automatically without explicit user approval.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The CLI includes a credential-registration mode that writes bearer tokens and session cookies into .env, which is outside the narrowly described data-fetch/reporting behavior. This creates a local secret-at-rest exposure and can normalize handling authentication material in a way users may not expect from a scraper tool.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This section implements a credential storage/update registry and parser that accepts bearer tokens and cookies, then persists them locally. Even if intended for operational convenience, retaining active authentication artifacts on disk broadens the attack surface and can expose access to third parties who gain filesystem or repository access.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match ordinary conversations about government procurement, which can cause the skill to activate unexpectedly. Because the skill performs network access and file output, accidental invocation could lead to unintended scraping, credential use, or local file creation without clear user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill handles authentication material such as Bearer tokens, session cookies, proxy settings, and writes Excel reports, but it does not warn users that these inputs and outputs are sensitive. In this context, the skill may ingest live procurement credentials from .env files and produce local artifacts containing procurement data, increasing the risk of credential leakage, accidental disclosure, or insecure storage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code persists arbitrary updates, including credential fields such as bearer tokens and session cookies, into a .env file without enforcing restrictive file permissions, filtering sensitive keys, or warning the user. In this skill's context, the tool is designed to handle live procurement-platform credentials, so writing them into the current working directory or a shared home config path increases the chance of accidental disclosure through source control, backups, multi-user access, or workspace exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatically writing refreshed session cookies to .env without notice or confirmation is unsafe because users may not realize sensitive credentials are being retained beyond the current run. This can lead to accidental disclosure if the file is shared, committed, or read by other local processes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI allows users to save bearer tokens and session cookies to disk but does not clearly communicate that these are sensitive credentials that may grant authenticated access. Lack of warning increases the risk of inadvertent exposure via shell history, shared machines, repository commits, or weak file protections.

Credential Access

High
Category
Privilege Escalation
Content
cfg.update(_load_env_file(global_env))

    # 局部配置(高优先级)
    local_env = Path.cwd() / '.env'
    cfg.update(_load_env_file(local_env))

    # 环境变量最高优先级
Confidence
83% confidence
Finding
.env'

Credential Access

High
Category
Privilege Escalation
Content
# ── .env 文件操作 ───────────────────────────────

def get_env_path() -> Path:
    """返回当前生效的 .env 文件路径(优先局部,其次全局)。"""
    local = Path.cwd() / '.env'
    if local.exists():
        return local
Confidence
83% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal