Oathe Security Badge

Is 1227323804/sensitive-check-skill safe?

https://clawhub.ai/1227323804/sensitive-check-skill

74
CAUTION

This skill sends user content to an external Chinese server for 'sensitive content detection' but poses significant privacy and security risks. While it doesn't contain malicious code execution or prompt injection, it exfiltrates user data without adequate transparency or security measures.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 25/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (6)

CRITICAL User content sent to external server -60

The skill sends user-provided content to an external server at safeguard-pre.ucap.com.cn without explicit user consent or transparency about data handling practices.

HIGH SSL verification disabled -15

The HTTP request to the external server disables SSL certificate verification, making the connection vulnerable to man-in-the-middle attacks.

MEDIUM Data residency and compliance risks -40

Data is sent to a Chinese server (.com.cn domain) which may violate data residency requirements and compliance policies for organizations with geographic data restrictions.

MEDIUM Lack of transparency -30

The skill provides no clear privacy policy or explanation of how user data will be processed, stored, or protected by the external service.

LOW External HTTP requests -10

The skill makes HTTP requests to external servers, which could potentially be used for further malicious purposes.

LOW Unexpected network activity during testing -15

Network connections were made to the external API server during testing, indicating the skill may operate automatically upon installation.