ClawHub

Italent Overtime

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for iTalent overtime management, but it handles HR credentials and can change live overtime records with too little scoping and user-safety guidance.

Install only if you are authorized to manage the relevant iTalent overtime records. Use least-privilege API credentials, avoid pasting secrets into shared shells or chats, do not use --save unless you can protect ~/.italent-overtime.conf, and require explicit human confirmation before any push or cancel action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document explicitly warns against including real credentials, then later provides what appear to be actual AppKey and AppSecret values in a copy-paste authentication example. Even if these are test credentials, publishing realistic secrets in install docs encourages unsafe handling, risks accidental reuse in production, and can expose access to the associated iTalent/Open Platform tenant if the values are live.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The privacy guidance states that user data is not uploaded, yet the documented functionality explicitly sends overtime requests and employee identifiers to the Beisen/iTalent external API. This creates a misleading security claim that can cause users to disclose sensitive HR and attendance data under false assumptions about data flows.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger list contains broad terms such as '北森', 'iTalent', and '考勤', which can cause the skill to activate for unrelated HR or attendance conversations. In this skill's context, unintended invocation is more dangerous because the skill can perform real overtime actions and may prompt for or use sensitive employee identifiers and API credentials.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide instructs users to enter AppKey and AppSecret and save them locally, but does not prominently warn that these are sensitive credentials or describe secure handling expectations. This increases the risk of credential leakage through shell history, screenshots, shared terminals, weak local file permissions, or unsafe reuse practices.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The natural-language examples invoke real overtime submission and cancellation actions without emphasizing that these operations can create, alter, or revoke actual HR records. In an agent-driven environment, this can lead to accidental execution from ambiguous requests, causing unauthorized or unintended changes to attendance and payroll-related data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The publishing guide shows authentication examples that pass AppKey and AppSecret directly as command-line arguments. On many systems, command-line arguments can be exposed through shell history, process listings, logging, and terminal session capture, which can leak long-lived credentials to other local users or monitoring tools.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The published documentation instructs users to pass AppKey and AppSecret directly on the command line and to persist them with --save, but provides no warning about shell history, process-list exposure, file permissions, or secure storage. Because this skill operates against a real HR/overtime system, exposed credentials could let an attacker query, submit, or revoke overtime data and potentially access sensitive employee-related records through the associated API account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill asks users for AppKey and AppSecret, transmits them to obtain an access token, and supports saving resulting credentials/token material to a local config file, but it does not prominently warn that these are sensitive secrets. Without clear handling guidance, users may expose credentials in shell history, logs, screenshots, or insecure local storage.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The push and cancel commands modify remote overtime records and explicitly trigger approval workflows, but the documentation does not present a strong warning that these actions affect production HR data and may be difficult to reverse operationally. In an agent-driven environment, weak warnings increase the risk of accidental submissions, cancellations, or bulk changes to employee records.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The troubleshooting guide instructs users to delete the local configuration file but does not warn that this removes stored authentication state and may discard active credentials or other local settings. While not an exploit by itself, this can lead to accidental credential loss, confusion, and unsafe recovery practices such as re-entering secrets in insecure contexts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document includes an example configuration file containing an access token and app key without labeling them as sensitive. This increases the risk that users will paste real credentials into tickets, chats, screenshots, or source control, enabling unauthorized API access if exposed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists an access token and app key in a predictable file under the user's home directory without setting restrictive permissions or warning the user about credential persistence. On multi-user systems, shared environments, backups, or compromised local accounts, this can expose reusable API credentials and enable unauthorized overtime operations or data access.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes generic terms such as "加班", "北森", "iTalent", and "考勤", which can match many ordinary user requests and invoke the skill when the user did not intend to perform HR overtime actions. Because this skill can query, push, or revoke overtime records and uses privileged API credentials, unintended invocation could lead to accidental data access or modification in a sensitive HR system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal