Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Amap map-service skill, but users should handle location data and the Amap API key carefully.

Prefer setting AMAP_WEBSERVICE_KEY in your environment instead of saving a key in config.json, use a limited-quota Amap key, avoid sending private home/work locations or private heatmap data URLs unless intended, and install with a reviewed lockfile or patched axios version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior includes persisting the Amap Web Service Key to a local config.json file, while the high-level description does not clearly disclose secret storage behavior. Storing API keys locally without explicit disclosure and secure handling guidance can expose credentials to other local users, backups, logs, or accidental source-control commits; the additional capability mismatches also undermine user trust about what the skill really does.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions are broad enough to activate on common words like '找', '查', '附近', '路线', or '规划', which can cause the skill to run for unrelated conversations. In this skill's context, unintended activation can lead to unnecessary transmission of user queries or location-like data to external Amap services, creating privacy and consent issues.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage guidance says to use the skill whenever a user wants to search addresses, places, nearby information, route planning, or visualization, but it lacks clear constraints or opt-in boundaries. Without tighter scoping, the agent may invoke the skill too aggressively and send sensitive place/address data to third-party APIs when the user did not clearly request map service use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The nearby-search flow instructs sending user-provided addresses/locations to Amap geocoding services but does not prominently warn that this data will be transmitted to a third party. Location data is sensitive, and silent transmission can violate user expectations, privacy policies, or regulatory requirements, especially when combined with stored API credentials.

Unpinned Dependencies

Low
Category
Supply Chain
Content
  "author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.13.6"
  }
}
Confidence
86% confidence
Finding
"axios": "^1.13.6"

Known Vulnerable Dependency: axios==1.13.6 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-42037 (Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in f) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
axios==1.13.6

VirusTotal

66/66 vendors flagged this skill as clean.
