China Weather skill (cn-weather) v1.0.0 released. - Provides weather data for Chinese cities, integrating QWeather (和风天气)

Security checks across malware telemetry and agentic risk

Overview

This weather skill is probably not malicious, but it needs review because it reads plaintext local secrets and can send email automatically to a hardcoded address.

Install only if you are comfortable with this skill reading TOOLS.md, using QWeather and QQ SMTP credentials, and sending reports by email. Treat TOOLS.md as plaintext, keep it out of Git and synced backups, remove or override the hardcoded default recipient, and avoid running the script unless you intend to send an email report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises capabilities to read local files and access the network, including fetching secrets from TOOLS.md and contacting external APIs, but it does not declare corresponding permissions in the manifest. This creates a transparency and policy-enforcement gap: users and hosting platforms may approve a seemingly low-privilege skill that actually performs privileged actions.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The declared purpose is weather retrieval, but the documented behavior also includes reading sensitive local secrets, authenticating to SMTP, and sending email to recipients. This is dangerous because hidden or under-declared secondary behaviors increase the risk of credential misuse, data exfiltration, and user surprise, especially in an agent ecosystem where users rely on the description to understand what a skill will do.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding: The documentation claims that secrets in TOOLS.md are 'encrypted', but the setup example instructs users to place raw API keys and email authorization codes directly into that file. This can mislead users into storing plaintext credentials under a false sense of safety, increasing the chance of local disclosure, accidental sharing, or source control leakage.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The skill is presented as a weather-data fetcher, but it also performs SMTP email transmission of generated reports. This expands the capability from passive data retrieval to outbound messaging, which can surprise users, trigger unintended data exfiltration paths, and create abuse potential if the script is run automatically.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding: The code parses email credentials from a shared TOOLS.md file and then uses them for outbound messaging, even though the stated purpose is weather retrieval. Accessing unrelated sensitive credentials broadens the trust boundary and creates a clear path for unauthorized or unexpected use of mailbox secrets.

Intent-Code Divergence

Severity: Low
Confidence: 80%
Finding: The security note claims sensitive configuration comes from TOOLS.md, yet a default recipient address is hardcoded elsewhere in the script. This inconsistency undermines user expectations and can lead to unintentional transmission to a fixed third party if the script is executed without parameters.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: A hardcoded default recipient causes outbound email to be sent to a fixed address when no recipient is provided. In an automated or shared environment, this can leak weather reports, timestamps, and operational context to an unintended party without user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.