AI提示词变现 (AI Prompt Monetization)

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a prompt-selling workflow, but it includes real-looking account credentials and tells the agent to read a local secret file and automate third-party logins.

Install only after removing all embedded credentials and the instruction to read ../主对话/SECRET.md. Treat the listed phone numbers and passwords as compromised if real, rotate them, and require explicit user confirmation before any login, sale listing, public post, or private-message action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The skill embeds third-party account credentials and explicitly instructs the agent to use them for automated logins, which creates unauthorized access and account-compromise risk. This is especially dangerous because the workflow is about content monetization, not identity or credential management, so the capability is broader than necessary and could be abused for account takeover or unapproved posting.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The skill tells the agent to read secrets from an external SECRET.md file to perform logins, granting secret-access behavior unrelated to the core workflow. Allowing a skill to fetch credentials from files materially increases the risk of secret exfiltration, cross-context data access, and unauthorized use of accounts.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The documentation exposes plaintext platform credentials and normalizes their operational use without any safeguards, warnings, or secure handling guidance. Plaintext secret exposure can lead to immediate credential theft, account misuse, and downstream compromise if the same credentials are reused elsewhere.

Ssd 3

Severity: High
Confidence: 99%
Finding: The skill contains direct instructions for retrieving and using stored login credentials to access external platforms, which effectively operationalizes credential use inside the agent workflow. In context, this materially increases danger because the skill is designed to publish content across platforms, so misuse could result in unauthorized posting, impersonation, or persistence across multiple third-party services.

VirusTotal

No VirusTotal findings