xhs-auto-content-by-hot

Security checks across malware telemetry and agentic risk

Overview

The skill does its advertised content-generation job, but it tells the agent to save your image API key inside its Python source file, which creates a real credential exposure risk.

Review before installing. Use only if you are comfortable with Baidu and Volcengine network calls, and do not let the agent save a real API key into generate.py. Prefer a temporary, limited-scope key passed through an environment variable or secret store, and rotate any key already written into the file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'image_url' from requests.post (line 210, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
print("API调用成功!")
print("下载图片...")

img_response = requests.get(image_url, timeout=30)
img_response.raise_for_status()

with open(image_path, "wb") as f:
Confidence
94% confidence
Finding
img_response = requests.get(image_url, timeout=30)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the operator to collect a user's API key and hardcode it into generate.py. Storing secrets in source code is unsafe because keys can be exposed through logs, version control, file sharing, backups, or later inspection by other tools, leading to unauthorized use of the user's cloud account.

Ssd 3

High
Confidence
99% confidence
Finding
This instruction tells the agent to ask for a user's API key and persist it directly in source code for later use. In the context of an agent skill, this is especially dangerous because agents may operate in shared workspaces, retain artifacts, or expose files to other processes, increasing the chance of credential leakage and misuse.

VirusTotal

64/64 vendors flagged this skill as clean.
