baijiahao-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it gives an agent live publishing control and includes an unsafe cookie-login bypass option.

Install only if you are comfortable letting an agent operate an authenticated Baijiahao publishing session. Use normal QR login, do not provide or inject cookies, review the title/body/cover/target account before any post, and prefer saving drafts unless you explicitly confirm publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill explicitly documents injecting cookies via browser-side script as a way to bypass QR-code login, which normalizes handling session credentials and avoiding the intended authentication flow. In a publishing automation skill, this is unnecessary for core functionality and increases risk of account takeover, session theft, or unauthorized posting if copied or reused.

Vague Triggers

Medium
Confidence: 80%
Finding
The invocation rules are broad enough that the skill may trigger for generic content-generation or publishing requests without strong confirmation boundaries. In a live publishing context, over-broad activation can lead to accidental posting, unintended automation, or use on content the user did not explicitly approve for publication.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs copying files into a local upload directory and then performing a real publication workflow, but it does not clearly warn about local file writes or the side effects of submitting content to a live account. In an automation setting, missing consent and side-effect disclosures can cause unintended file operations and irreversible publishing actions.

Missing User Warnings

High
Confidence: 96%
Finding
The cookie-injection section discusses using session cookies without any warning about the sensitivity of account credentials or the risks of storing, transferring, or replaying them. That omission makes misuse more likely and lowers the barrier to insecure credential handling in a high-privilege authenticated publishing flow.

Ssd 1

High
Confidence: 98%
Finding
The text frames cookie injection as a way to 'bypass QR-code login,' which is direct guidance for circumventing the platform's normal authentication mechanism. In the context of an account-posting skill, that materially increases danger because it enables unauthorized access patterns rather than merely automating permitted actions after proper login.

VirusTotal

66/66 vendors flagged this skill as clean.
