This research skill allows prompt injection, arbitrary file writes
Claims to do
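CueCue Deep Research Skill: CueCue is a deep research tool designed for the financial industry. This skill describes how to invoke the `cue` command-line tool; agents should use this skill to carry out financial deep research tasks.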
Actually does
This skill executes the `cue` command-line tool via `exec` to perform financial deep research. It sends a research query, an API key, and optionally a base URL, conversation ID, template ID, or mimic URL to the `cuecue.cn` service. The output is a Markdown report saved to a specified local file path.
openclaw skills install xfgong/cuecue-deep-research
DeBERTa classifier detected prompt injection (confidence: 0.99)
The `--output` option allows the agent to specify an arbitrary file path for saving reports. This could be exploited to write to sensitive system files, achieve persistence, or facilitate further attacks.
`--output`, `-o FILE` | Y | Save the report to a file (Markdown format). Recommended format: `~/cue-reports/...`
The `--mimic-url` and `--base-url` options allow the agent to interact with arbitrary external URLs. This could be leveraged for Server-Side Request Forgery (SSRF) to access internal network resources or to exfiltrate data to attacker-controlled domains.
`--base-url URL` | CueCue API base URL (https://cuecue.cn)
`--mimic-url URL` | Mimic the writing style of the specified URL
The `cue config set <key> <value>` command allows the agent to modify the tool's configuration, including the API key. An attacker could use this to store their own API key or redirect API calls to a malicious endpoint.
`cue config set <key> <value>` | Save a configuration item (e.g. `cue config set api_key YOUR_KEY`)
The skill explicitly instructs the agent to use `exec` for calling the `cue` command, rather than a potentially more sandboxed method like `sessions_spawn`. This direct execution model amplifies the risk of vulnerabilities in the command's parameters.
Agents should call the `cue` command directly with `exec` and **must not** invoke it via `sessions_spawn`.