Oathe Security Badge

Is 27555402-spec/cn-daily-tools safe?

https://clawhub.ai/27555402-spec/cn-daily-tools

73
CAUTION

This Chinese utility skill appears benign in content but exhibits highly suspicious installation behavior by accessing sensitive credential files. While the skill documentation describes legitimate weather, currency, and news functions, the installation process unnecessarily accessed SSH keys, cloud credentials, and other sensitive files.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (3)

CRITICAL Unauthorized credential file access -70

The installation process accessed multiple sensitive credential files including SSH private keys, AWS credentials, Docker configuration, and GCP service account keys. This behavior is highly suspicious for a documentation-only skill.

MEDIUM Unclear implementation claims -5

Skill claims to provide real-time weather, currency, and news data without requiring API keys, but doesn't explain how this is accomplished. This could indicate hidden external service dependencies.

LOW Honeypot file access -15

Installation process accessed canary/honeypot files designed to detect unauthorized data access, though files were not modified.