Bing image batch download skill (bing图片批量下载skill)

Security checks across malware telemetry and agentic risk

Overview

This skill's core function is downloading images to local disk, but its README also documents a cron job that forwards the downloaded images to Feishu via `openclaw message send`. That outbound path needs review before the skill is used.

Install only if you want local keyword-based image downloading and understand that it will create files plus metadata/history under downloads/<keyword>/ that persist across runs. Do not enable the cron or Feishu example unless you intentionally want scheduled, unattended outbound media sending, have verified the recipient, and accept that the send runs with the host's OpenClaw/Feishu credentials.
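The install rule above is, in effect, a pre-install scope check: does the skill's documentation describe anything beyond "download images locally"? The script below is an added example for this page, not code from the skill, SkillSpector or OpenClaw. It scans a README for three capability categories and separates the one a local downloader legitimately needs but must disclose (persistent local state) from the two that change the data flow (outbound sending, scheduled execution). The README it scans is constructed to mirror what this page describes; the flags on its cron line and the regex categories are assumptions for illustration.

```python
"""Pre-install scope audit of a skill's README.

Added example for this page; not code from the skill, SkillSpector or OpenClaw.
The README below is constructed to mirror what the page describes. The flag
names on its cron line and the capability categories are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample README (the flags after `openclaw message send` are invented).
SAMPLE_README = """\
# Bing image batch download skill
Downloads images for a keyword into downloads/<keyword>/.
Keeps metadata.json and history.txt there so re-runs skip files already fetched.

## Automation (optional)
Send the newest images to a Feishu chat every morning:

0 8 * * * openclaw message send --channel feishu --to <chat_id> --file downloads/cats/latest.jpg
"""

# Capability categories a reviewer cares about, each with the text that reveals it.
CAPABILITY_PATTERNS = {
    "outbound_transmission": re.compile(
        r"openclaw\s+message\s+send|\bcurl\s|\bwget\s|\bscp\s|\bfeishu\b|\bwebhook\b", re.I),
    "scheduled_execution": re.compile(
        r"^\s*(\*|\d+)(\s+(\*|\d+|\*/\d+)){4}\s"       # five-field crontab line
        r"|\bcron(tab)?\b|\bevery\s+(minute|hour|morning|day|night)\b", re.I | re.M),
    "persistent_local_state": re.compile(
        r"\b(history|metadata)\.(json|txt|db)\b|\bre-?runs?\s+skip\b", re.I),
}

# For a skill whose declared purpose is local downloading, local state is
# expected but must be disclosed; every other category is out of scope.
IN_SCOPE_FOR_LOCAL_DOWNLOADER = {"persistent_local_state"}


@dataclass(frozen=True)
class Finding:
    category: str
    line_no: int
    evidence: str


def audit_skill_doc(text: str) -> list[Finding]:
    """One Finding per (category, line) whose text reveals that capability."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in CAPABILITY_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(category, line_no, line.strip()))
    return findings


def classify(findings: list[Finding],
             in_scope: set[str] = IN_SCOPE_FOR_LOCAL_DOWNLOADER) -> dict[str, list[Finding]]:
    """Split findings into 'warn' (in scope, needs disclosure to the user) and
    'block' (out of scope, needs explicit opt-in before it is enabled)."""
    verdict: dict[str, list[Finding]] = {"warn": [], "block": []}
    for f in findings:
        verdict["warn" if f.category in in_scope else "block"].append(f)
    return verdict


if __name__ == "__main__":
    verdict = classify(audit_skill_doc(SAMPLE_README))
    for level in ("block", "warn"):
        for f in verdict[level]:
            print(f"{level.upper():5} {f.category:24} line {f.line_no}: {f.evidence}")
```

Run against the sample README this reports the metadata/history line as a disclosure gap and both the prose "every morning" line and the crontab line as out-of-scope outbound and scheduled capability, which is the same split as the findings below. The line-level evidence is what makes the result reviewable: a reviewer can open the README at that line and decide whether the capability is wanted.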

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability (Medium severity, 88% confidence)

The README extends the skill from local image downloading into automated outbound delivery via `openclaw message send` to Feishu, which is outside the stated core purpose and materially changes the data-flow risk. This makes it easier for an agent or operator to operationalize bulk exfiltration or redistribution of downloaded content without any explicit consent, authorization, or policy checks.

Description-Behavior Mismatch (Medium severity, 90% confidence)

The documented scope expands beyond image downloading into scheduled automation and outbound messaging via OpenClaw/Feishu. That broadens the operational behavior from local retrieval to unattended exfiltration or redistribution of downloaded content, increasing risk beyond the stated purpose of the skill.

Context-Inappropriate Capability (Medium severity, 91% confidence)

Sending downloaded images to Feishu is not necessary to satisfy the stated image-downloader function and introduces an unrelated outbound communication channel. Any extra transmission path increases the chance of accidental data leakage, misuse of messaging targets, or unexpected sharing of locally stored files.

Missing User Warnings (Low severity, 78% confidence)

The README documents saving downloaded files under `downloads/<keyword>/` and persisting metadata/history used to avoid re-downloads, but does not prominently warn users that the skill writes to disk and retains run state across executions. In an agent setting, silent local writes and persistence can surprise users, consume storage, and retain potentially sensitive search terms or download history.

Missing User Warnings (Medium severity, 90% confidence)

The automation example sends downloaded images to Feishu recipients without an explicit privacy notice, user-disclosure requirement, or consent boundary. That omission increases the risk that a user or agent treats third-party transmission as routine, enabling unintended sharing of content or search-derived material to external recipients.

Missing User Warnings (Medium severity, 89% confidence)

The skill describes both writing downloaded files locally and transferring them to Feishu without an explicit warning or consent checkpoint. Silent local modification and external transfer can violate user expectations, especially in automated or scheduled contexts where actions may continue without active review.
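The consent checkpoint that the last three findings ask for can be a small gate placed in front of the send. The code below is an added example for this page, not code from the skill or from OpenClaw. It refuses the outbound transfer unless the operator has recorded explicit, unexpired consent for that exact recipient and every requested file is a regular image inside the skill's downloads/ tree, so a scheduled run cannot quietly widen its scope to run-state files such as the download history, or to anything outside the tree. Recipient ids, the consent record and the demo file layout are assumptions for illustration.

```python
"""Consent and allowlist gate in front of the skill's optional Feishu send.

Added example for this page; not code from the skill or from OpenClaw. The
recipient ids, consent record and file layout are assumptions for
illustration. The gate only decides; it does not run `openclaw message send`.
"""
from __future__ import annotations

import tempfile
from dataclasses import dataclass, field
from pathlib import Path

ALLOWED_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif", ".webp"}


@dataclass(frozen=True)
class Consent:
    recipient: str      # verified target id (assumed format)
    granted_at: float   # epoch seconds when the operator confirmed the recipient
    ttl_seconds: float  # consent must be re-confirmed after this long

    def valid(self, now: float) -> bool:
        return self.granted_at <= now <= self.granted_at + self.ttl_seconds


@dataclass
class Decision:
    allowed: bool
    reasons: list[str] = field(default_factory=list)


def gate_send(recipient: str, files: list[str], downloads_root: Path,
              consents: dict[str, Consent], now: float) -> Decision:
    """Allow only if consent for this recipient exists and is unexpired and
    every file is a regular image file inside downloads_root."""
    reasons: list[str] = []
    root = Path(downloads_root).resolve()
    consent = consents.get(recipient)
    if consent is None:
        reasons.append(f"no recorded consent for recipient {recipient!r}")
    elif not consent.valid(now):
        reasons.append(f"consent for {recipient!r} expired; re-confirm with the operator")
    if not files:
        reasons.append("no files requested")
    for name in files:
        target = (root / name).resolve()  # collapses '..' and follows symlinks
        if target != root and root not in target.parents:
            reasons.append(f"{name}: resolves outside {root}")
            continue
        if target.suffix.lower() not in ALLOWED_SUFFIXES:
            reasons.append(f"{name}: not an image file")
        if not target.is_file():
            reasons.append(f"{name}: not a regular file")
    return Decision(allowed=not reasons, reasons=reasons)


def build_demo_tree(base: Path) -> Path:
    """Constructed downloads/ tree plus one file outside it."""
    root = base / "downloads"
    (root / "cats").mkdir(parents=True)
    (root / "cats" / "latest.jpg").write_bytes(b"\xff\xd8\xff\xe0")  # JPEG magic only
    (root / "cats" / "history.txt").write_text("cats\n")             # run state, not media
    (base / "secret.txt").write_text("not for sending\n")
    return root


def demo() -> dict[str, Decision]:
    """Run the gate over the cases the page's findings are about."""
    now = 1_700_000_000.0
    consents = {
        "chat_verified": Consent("chat_verified", now - 60, 86_400),
        "chat_stale": Consent("chat_stale", now - 10 * 86_400, 86_400),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(Path(tmp))
        return {
            "ok":         gate_send("chat_verified", ["cats/latest.jpg"], root, consents, now),
            "no_consent": gate_send("chat_unknown", ["cats/latest.jpg"], root, consents, now),
            "stale":      gate_send("chat_stale", ["cats/latest.jpg"], root, consents, now),
            "traversal":  gate_send("chat_verified", ["../secret.txt"], root, consents, now),
            "state_file": gate_send("chat_verified", ["cats/history.txt"], root, consents, now),
            "empty":      gate_send("chat_verified", [], root, consents, now),
        }


if __name__ == "__main__":
    for case, d in demo().items():
        print(f"{case:11} {'ALLOW' if d.allowed else 'DENY '} {'; '.join(d.reasons)}")
```

On an allow decision the caller would invoke the skill's documented `openclaw message send` with exactly the vetted paths and log the decision either way; on a deny, the cron job should stop rather than retry, because an expired consent is meant to force a human to re-confirm the recipient before any further unattended sends.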

VirusTotal

67/67 vendors flagged this skill as clean. Antivirus verdicts address known-malicious file content, not the capability and data-flow concerns raised in the findings above, so a clean result does not resolve those findings.
