Mama.cn Crawler

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed mama.cn parenting-article crawler that saves public web content locally, with notable but visible implementation risks around insecure fetching.

Install only if you want a crawler that contacts mama.cn and stores fetched articles under ~/.yuzhi/crawls/mama_cn/. Because it disables TLS certificate verification, use it only on networks you trust and treat saved Markdown as untrusted web content, not verified medical or parenting advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
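def get(url, timeout=15):
    """Send an HTTP GET request (uses curl to avoid SSL problems)."""
    import subprocess
    result = subprocess.run(
        ["curl", "-s", "--max-time", str(timeout),
         "-A", UA, "-k",  # -k: do not verify the SSL certificate (mama.cn certificate problem)
         url],
        capture_output=True, text=True
    )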
Confidence
95% confidence
Finding
result = subprocess.run(
    ["curl", "-s", "--max-time", str(timeout),
     "-A", UA, "-k",  # -k: do not verify the SSL certificate (mama.cn certificate problem)
     url],
    capture_output=True, text=True
)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no permissions while clearly instructing the agent to perform network access, shell execution, and filesystem writes. This creates a capability-transparency gap: users and policy layers may not realize the skill can fetch remote content and persist it locally, increasing the chance of unintended data writes or unreviewed external access.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Using an external curl subprocess for ordinary HTTP fetching is a genuine security weakness in an agent skill. It creates unnecessary dependency on an external executable and environment configuration, which can be abused through PATH hijacking or operational misconfiguration, and makes request behavior harder to constrain than a normal Python client.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger text is overly broad, including generic phrases like '爬取妈妈网', '/爬虫', or any situation involving collecting parenting knowledge. Broad activation conditions can cause the skill to run in contexts where the user did not explicitly request crawling, leading to unexpected web requests and local file creation.

VirusTotal

66/66 vendors flagged this skill as clean.
