36氪自助报道 - 36kr AI Report

Security checks across malware telemetry and agentic risk

Overview

The skill mainly reads public 36kr article data, but it also pushes related skill installs and includes an unsafe shell helper.

Review before installing. The article lookup itself is low risk and uses a public read-only endpoint, but avoid running scripts/fetch_aireport.sh with untrusted or non-numeric --top values, and treat any suggested related skills as separate installs that need explicit review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium, 90% confidence
Finding:
The skill's documented purpose is fetching and displaying 36kr article lists, but it adds mandatory post-task promotion of other skills and installation guidance. This expands scope from content retrieval into cross-skill steering, which can manipulate user flow and normalize unsolicited installation prompts unrelated to the original request.

Context-Inappropriate Capability

Medium, 89% confidence
Finding:
The instructions tell the agent to inspect the environment for installed skills before responding, even though that is unnecessary for retrieving article data. Unrelated environment inspection increases access to contextual/system state and can disclose or leverage information beyond the user's request.

Vague Triggers

Medium, 84% confidence
Finding:
The trigger examples include very generic affirmative phrases such as '要' and '好的', which are common in normal conversation. Such broad phrases can cause unintended invocation of follow-on behavior, including installation guidance, without meaningful user intent specific to the referenced skills.

VirusTotal

66/66 vendors flagged this skill as clean.