Skill 查找器 v1.0.1

Name: skill-finder-cn
Author: guohongbin-git

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is highly vulnerable to command injection, allowing arbitrary code execution and data exfiltration due to unsanitized user

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Skill 查找器 v1.0.1: 帮助用户发现和安装 ClawHub 上的 Skills。

Actually does

This skill uses the `clawhub` CLI tool to search, inspect, install, and list skills from ClawHub. It can also directly query `https://clawhub.ai/api/v1/skills/<skill-name>` using `curl` and `jq` to retrieve skill statistics. Additionally, it uses `ls` to verify local skill installations and list locally installed skills.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameguohongbin-git/skill-finder-cn

Registryclawhub

Version1.0.1

PURLpkg:clawhub/guohongbin-git/skill-finder-cn@1.0.1

Stars101

Downloads31,091

Installs279

Source

Repository ↗

SHA-256762005fbdc05...

SHA-1895ec7683c13...

MD53147b6bfc0ea...

TLSHc751c86d8078...

Size2,684 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/guohongbin-git/skill-finder-cn

31,091 downloads279 installs

ClawHubDocs

openclaw skills install guohongbin-git/skill-finder-cn

Assessments (1)

AI Agent Traps ↗

Command Injection via Unsanitized User Inputcriticalcommand execution

The skill constructs multiple shell commands (`clawhub search`, `clawhub inspect`, `clawhub install`, `curl`, `jq`, `ls`) using user-provided input (`<用户需求>`, `<skill-name>`) without apparent sanitization. This vulnerability allows a malicious user to inject arbitrary shell commands, leading to potential arbitrary code execution on the agent's host system.

100% confidenceline 30

clawhub search "<用户需求>"
clawhub inspect <skill-name>
curl "https://clawhub.ai/api/v1/skills/<skill-name>" | jq '.skill.stats'
clawhub install <skill-name>
ls ~/.openclaw/workspace/skills/<skill-name>/SKILL.md

Potential Data Exfiltration via `curl` commandhighdata exfiltration

The skill uses `curl` to fetch skill details from an external API. If the `<skill-name>` parameter is vulnerable to command injection, an attacker could manipulate the URL to exfiltrate sensitive data from the agent's environment to an attacker-controlled server.

100% confidenceline 43

curl "https://clawhub.ai/api/v1/skills/<skill-name>" | jq '.skill.stats'

Reconnaissance via `ls` command injectionmediumreconnaissance

The `ls` command is used for verifying skill installation, taking `<skill-name>` as input. If this input is not properly sanitized, an attacker could inject commands to list arbitrary directories or files on the system, potentially revealing sensitive information about the agent's environment.

100% confidenceline 58

ls ~/.openclaw/workspace/skills/<skill-name>/SKILL.md

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/guohongbin-git/skill-finder-cn.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/guohongbin-git/skill-finder-cn)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/guohongbin-git/skill-finder-cn"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/guohongbin-git/skill-finder-cn.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/guohongbin-git/skill-finder-cn.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow