Tender Project Analysis Skill (招标项目分析技能)

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate tender-analysis purpose, but it needs review because it gives broad MySQL authority, including root-style credentials and arbitrary SQL execution, without enough guardrails.

Install only after review. Use a dedicated least-privilege MySQL account, replace the bundled root/password configuration, avoid production databases, back up data before imports, and do not use the custom SQL option unless you understand it can modify or delete database data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The importer silently injects hard-coded timeline events with fixed future dates that do not come from the Excel source data. This creates integrity issues: users may trust these records as real scheduling data, leading to incorrect operational decisions, audit problems, and contamination of downstream analytics.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The interactive option '自定义SQL查询' (custom SQL query) accepts arbitrary SQL from the user and passes it directly to cursor.execute without constraining it to read-only statements. This enables destructive or unauthorized operations such as UPDATE, DELETE, DROP, or data exfiltration if an untrusted user can access the tool. The skill context makes this more dangerous because the tool is presented as a general query/analysis utility rather than an administrative database console.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding: A script presented as a test utility unexpectedly mutates the workspace by creating directories and later writing a sample Excel file. Hidden side effects in a test script can overwrite or pollute project state, which is risky in automation pipelines and violates user expectations about read-only validation.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The function named as a structure test also repairs the structure by creating missing directories, which is deceptive behavior for a checker. In security-sensitive or CI contexts, unexpected writes can mask underlying issues and modify repositories or mounted paths without clear consent.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The example manifest uses very broad trigger keywords like '招标', '分析', and '数据库', which are common terms likely to appear in many unrelated conversations. In agent platforms, overly generic triggers can cause accidental invocation, routing confusion, or unintended activation of a skill in contexts where it should not run.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding: The README defines very broad trigger terms such as "招标", "投标", "项目分析", and especially "数据库", which can cause the skill to activate in many unrelated conversations. Unintended invocation is risky here because the skill advertises database creation, import, and query capabilities, so accidental activation could lead to unnecessary access to local files or data-modifying workflows.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding: The README explicitly describes automatic MySQL database/table creation and bulk data import, but does not warn users that these operations can create, alter, or populate persistent storage. In this skill context, that omission is meaningful because the documented behavior involves state-changing operations on a database, increasing the chance of unsafe use, accidental overwrites, or execution in a production environment without informed consent.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger phrases are very generic, such as analyzing files, importing Excel data, querying projects, and generating reports. Broad triggers can cause the skill to activate on ordinary user requests outside the intended context, which may lead to unintended database access, data import, or processing of sensitive files without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill handles Excel extraction and MySQL storage but does not warn users about sensitive data handling, retention, access control, or the risks of importing potentially confidential procurement information. In a workflow involving database storage, missing privacy and data-handling guidance increases the chance of unauthorized retention, over-collection, or accidental exposure of business-sensitive data.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The trigger list includes broad terms like "数据库", "mysql", and "招标" that can match many ordinary user requests beyond the skill's specific purpose. In agent routing systems, overly generic triggers can cause this skill to activate unintentionally, increasing the chance of inappropriate tool use, data handling, or interference with more suitable skills.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script exposes raw custom SQL execution in the user interface without any warning that entered statements may modify or destroy data. While the core issue is the unsafe feature itself, the absence of warnings and guardrails increases the likelihood of accidental misuse and harmful execution by operators who may assume this is a safe read-only query tool.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script creates directories and writes a sample spreadsheet without up-front disclosure that running tests will change the filesystem. This can surprise users, interfere with existing files, and create unintended artifacts in shared workspaces or repositories.

VirusTotal

61/61 vendors flagged this skill as clean.