q-erp Phase 1 Management Query Skill

Name: q-erp
Author: ljqdh

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

q-erp Phase 1 Management Query Skill: 本 Skill 只处理 ERP 一期管理查询： - 今日经营动态 - 商品销售情况 - 增长潜力

Actually does

This skill acts as a router for ERP management queries, processing user input to determine a specific `scene` (e.g., `erp.management.today.summary`, `erp.product.sales.overview`). It constructs a JSON payload with the `scene`, `userInput`, and `params` (including `tenantKey/openId`) and sends it to an external tool named `q-claw`. The skill also handles localization based on `context.locale` and displays a clickable `verificationUri` if `q-claw` returns an authentication error.

Threat Analysis

AI Agent Traps ↗Scanned 4/17/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Nameljqdh/q-erp

Registryclawhub

Version1.0.6

PURLpkg:clawhub/ljqdh/q-erp@1.0.6

Stars1

Downloads114

Source

Repository ↗

SHA-2562c2205e141c5...

SHA-14b40f3aca149...

MD5f87f0725b7aa...

TLSH3a71b855cc3b...

Size3,804 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ljqdh/q-erp

114 downloads

ClawHubDocs

openclaw skills install ljqdh/q-erp

Assessments (3)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 1.00)

100% confidence

Supply Chain Risk: Dependency on 'q-claw' toolmediumsupply chain

The skill explicitly mandates that all ERP management queries must call the 'q-claw' tool. This creates a supply chain dependency where the security and integrity of the 'q-claw' tool directly impact the security of this skill. If 'q-claw' is compromised or malicious, the skill becomes a conduit for attacks.

90% confidenceline 30

Critical Rules: 1. 所有 ERP 管理查询必须调用 `q-claw`

Prompt Injection Risk for Tool Parametersmediumprompt injection

The skill passes `userInput` and `params` to the `q-claw` tool. An attacker could craft malicious inputs via prompt injection to the agent, aiming to exploit potential vulnerabilities in `q-claw` or the underlying systems it interacts with, leading to unintended actions or data exposure.

70% confidenceline 52

调用字段固定为：`scene`、`userInput`、`params`

Potential for Social Engineering via 'verificationUri'mediumsocial engineering

The skill requires outputting a clickable Markdown link (`verificationUri`) for authentication. If the backend providing this URI is compromised, or if the agent can be manipulated via prompt injection to generate a malicious URI, it could lead to phishing or other social engineering attacks on the human user.

80% confidenceline 33

Critical Rules: 4. 返回 `AUTH_REQUIRED` 或 `AUTH_EXPIRED` 时，必须输出后端返回的 Markdown 可点击链接（`verificationUri`），格式为 `[点击授权](<verificationUri>)`

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ljqdh/q-erp.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ljqdh/q-erp)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ljqdh/q-erp"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ljqdh/q-erp.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ljqdh/q-erp.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow