Z视介APP Skills

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated Z-Sight app purpose, but it routes authorized account actions through an unencrypted raw IP address that conflicts with its own HTTPS documentation.

Review carefully before installing. Do not authorize this skill with a real account token unless the publisher explains the raw HTTP IP, moves MCP and authorization endpoints to a verified HTTPS domain, and documents token scope and revocation. Require explicit confirmation before any publish or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 98%
Finding
The manifest hard-codes MCP transport, SSE, and bearer-token acquisition endpoints over plain HTTP, so credentials and session data can be intercepted or modified by any network attacker on the path. This is especially dangerous because the skill includes authenticated actions such as reading user messages, listing private user content, publishing posts/videos, and deleting articles, allowing account compromise or unauthorized content actions if tokens are stolen or responses are tampered with.

Vague Triggers

Medium
Confidence: 90%
Finding
`watch_live_channel` includes very broad trigger examples such as generic requests like '看电视' ("watch TV") or '看新闻' ("watch the news"), which can cause the agent to invoke a live-stream action when the user only intended general conversation or information retrieval. Because this skill opens content and returns navigation links, ambiguous triggering increases the risk of unintended external navigation or media playback without sufficiently clear user intent.

Vague Triggers

Medium
Confidence: 87%
Finding
`open_app_page` is documented with vague examples like '打开APP' ("open the app") and '去APP里看' ("go look in the app") without constraining which page schemas are allowed or when the function should be used. In an agent setting, this ambiguity can lead to overbroad app-opening behavior, unintended deep-link navigation, or misuse of attacker-suggested schemas if downstream controls are weak.

Missing User Warnings

Medium
Confidence: 93%
Finding
The publish capabilities perform real state-changing actions (`publish_post` and `publish_short_video`), but the documentation does not prominently require an explicit user confirmation before posting. In agent environments, missing mutation warnings make accidental or prompt-induced content publication more likely, which can cause unwanted account activity, reputational harm, and difficult-to-reverse user impact.

VirusTotal

63/63 vendors flagged this skill as clean.