ClawHub

识别5300中银行流水样式、识别简版征信、详版征信、企业版征信等各种信贷文件汇总成专业分析报告。

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated credit-file analysis purpose, but it handles highly sensitive credit and banking documents through public links, an external service, optional document passwords, and an embedded enterprise API key with unclear privacy boundaries.

Review before installing. Use this only if you trust the publisher and ipipei with credit reports, bank statements, identity details, and any PDF passwords. Prefer short-lived access-controlled links over broadly public URLs, revoke access after processing, avoid sharing document passwords unless necessary, and confirm provider retention/deletion and report-link access policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes a Python script that performs outbound network requests to a third-party file parsing service, yet no explicit permissions or trust boundaries are declared. In a skill handling credit reports and bank statements, undeclared network capability is security-relevant because it can transmit highly sensitive financial and identity data off-platform without clear user-facing authorization or governance.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script contains a hard-coded enterprise credential (`ENTERPRISE_KEY`) that can be extracted by anyone with access to the skill code and then used to mint API tokens against the remote service. Because this skill handles highly sensitive financial documents, embedding a reusable service credential creates a direct risk of unauthorized service use, abuse of the tenant account, and possible access to downstream data or billable operations.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill requires users to supply publicly accessible URLs for extremely sensitive documents such as personal credit reports and bank statements, but provides no warning that this exposes the files to anyone with the link or to unintended crawlers/intermediaries. This materially increases the risk of privacy breaches, identity theft, financial fraud, and unauthorized long-term access to regulated personal data.

Missing User Warnings

High
Confidence
98% confidence
Finding
The hard-coded enterprise credential is not merely present; it is actively used to request an API token without any disclosure to the user that the skill is operating with embedded third-party service credentials. This obscures trust boundaries and enables silent use of a shared organizational account for processing sensitive credit data, which is especially risky if the code is redistributed or run in untrusted environments.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script uploads public URLs for credit reports and bank statements to an external API, causing sensitive financial data to be transmitted to a third party without explicit consent or a privacy warning. In this skill context, the data categories are unusually sensitive, so silent external transmission materially increases privacy, compliance, and data-handling risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script forwards document passwords to the remote API as part of the request payload without an explicit warning or consent flow. A document password is itself sensitive authentication material; transmitting it to a third party expands exposure and can enable unauthorized document access if logs, intermediaries, or the provider are compromised.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal