Still Alive? Monitoring Service (还活着么监测服务)

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it handles sensitive safety check-ins but its alerting code is unreliable and its data and credential protections are inadequate.

Do not rely on this package as a real safety-monitoring service without substantial fixes. Before installing, require tested emergency-alert delivery, authentication and authorization, removal and rotation of the exposed SkillPay key, plaintext-data protections, clear consent from monitored users and emergency contacts, and documented retention/deletion behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (22)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The README embeds a real-looking SkillPay API key directly in the example .env configuration while also claiming strong privacy protections. Publishing credentials in documentation can lead to unauthorized API use, billing abuse, or compromise of connected payment/service accounts, and it undermines the stated security posture.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The Discord notification path does not use `contact.discord` and instead calls a generic sender, so alerts intended for a specific emergency contact may be delivered to a default channel, wrong recipient set, or a broader audience. In this skill's context, the messages contain sensitive welfare and emergency-status information, so misrouting creates a real privacy breach and can also prevent the intended contact from receiving urgent alerts.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documented API collects highly sensitive personal data, including names, phone numbers, and emergency contact information, but the README does not clearly warn about consent, legal obligations, retention, or privacy risks. In a safety-monitoring service, misuse or poor operator practices could expose third-party data or lead to non-consensual monitoring.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The README highlights automatic multi-channel alerts to emergency contacts but does not prominently warn about false alarms, accidental triggering, or the sensitivity of broadcasting a person's status. In this context, unintended notifications could cause panic, reputational harm, privacy violations, or desensitization to real emergencies.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents collection of highly sensitive personal data, including names, phone numbers, emergency contact details, and escalation notifications, but provides no privacy notice, consent language, retention policy, or data-sharing warning. In a safety-monitoring context, this omission can cause users to disclose third-party contact data and personal safety information without understanding who will receive it or how it will be used.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The check-in and status APIs expose sensitive lifestyle and potentially health-related information, including mood, location, last activity time, and inferred well-being status, without any warning about sensitivity or privacy risks. Because the skill targets vulnerable populations such as elderly people and patients, misuse or overexposure of this data could enable surveillance, profiling, stalking, or disclosure of private health circumstances.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The registration endpoint collects personal data including name, phone number, and emergency contacts without any visible consent notice, privacy disclosure, or authentication controls. In a life-check service, this data is highly sensitive because it can expose social relationships and enable stalking, doxxing, or misuse if stored or accessed improperly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The check-in endpoint accepts location data and personal status information without any visible notice, consent flow, or access control. Location data is especially sensitive in a safety-monitoring context because unauthorized collection or exposure can reveal a user's movements, home, routines, or vulnerable state.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
`logUsage` sends `userId`, action data, timestamp, and amount to a third-party payment service, which creates a privacy and data-governance risk if users are not informed or if the identifier is unnecessary for the logging purpose. In a skill context, silent transmission of user-linked usage data to an external service increases exposure of behavioral data and can create compliance issues even if the code is not overtly malicious.

Ssd 3

High
Confidence
98% confidence
Finding
A real-looking API key is present in plain text in the README, which is a direct secret disclosure. Attackers or unauthorized users could reuse the credential for service access, billing fraud, data access, or abuse of any linked payment or notification functionality.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "zhdryanchang",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "node-cron": "^3.0.3",
    "telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
Confidence
85% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "node-cron": "^3.0.3",
    "telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
Confidence
83% confidence
Finding
"node-cron": "^3.0.3"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.6.0",
    "node-cron": "^3.0.3",
    "telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
Confidence
84% confidence
Finding
"telegraf": "^4.15.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"axios": "^1.6.0",
    "node-cron": "^3.0.3",
    "telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
Confidence
84% confidence
Finding
"discord.js": "^14.14.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"node-cron": "^3.0.3",
    "telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
    "moment": "^2.29.4"
Confidence
88% confidence
Finding
"nodemailer": "^6.9.7"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"telegraf": "^4.15.0",
    "discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
    "moment": "^2.29.4"
  },
Confidence
80% confidence
Finding
"dotenv": "^16.3.1"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"discord.js": "^14.14.0",
    "nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
    "moment": "^2.29.4"
  },
  "devDependencies": {
Confidence
86% confidence
Finding
"express": "^4.18.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"nodemailer": "^6.9.7",
    "dotenv": "^16.3.1",
    "express": "^4.18.2",
    "moment": "^2.29.4"
  },
  "devDependencies": {
    "nodemon": "^3.0.2"
Confidence
78% confidence
Finding
"moment": "^2.29.4"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"moment": "^2.29.4"
  },
  "devDependencies": {
    "nodemon": "^3.0.2"
  }
}
Confidence
76% confidence
Finding
"nodemon": "^3.0.2"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
axios==1.6.0

Known Vulnerable Dependency: nodemailer==6.9.7 — 5 advisory(ies): GHSA-9h6g-pr28-7cqp (nodemailer ReDoS when trying to send a specially crafted email); GHSA-c7w3-x93f-qmm8 (Nodemailer has SMTP command injection due to unsanitized `envelope.size` paramet); CVE-2025-13033 (Nodemailer: Email to an unintended domain can occur due to Interpretation Confli) +2 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
nodemailer==6.9.7

Known Vulnerable Dependency: express==4.18.2 — 2 advisory(ies): CVE-2024-43796 (express vulnerable to XSS via response.redirect()); CVE-2024-29041 (Express.js Open Redirect in malformed URLs)

Low
Category
Supply Chain
Confidence
93% confidence
Finding
express==4.18.2

VirusTotal

65/65 vendors flagged this skill as clean.
