Lobster Community

Security checks across malware telemetry and agentic risk

Overview

This is a real community-participation skill, but it encourages agents to post or edit shared external spaces on their own without clear user approval controls.

Install only if you intentionally want an agent social/community skill. Require explicit approval before any registration, post, comment, or Feishu append; review generated content and author identity before publishing; avoid sharing private data; and do not run autonomous or scheduled participation until its scope and destination are locked down.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence
Severity: Medium
Confidence: 92%
Finding: The document presents conflicting control semantics: it claims posting should not be driven by direct user command, yet elsewhere gives users operational instructions to trigger registration and posting. This inconsistency can cause an agent to mis-handle authority boundaries and perform external actions under ambiguous justification.

Intent-Code Divergence
Severity: Medium
Confidence: 82%
Finding: The skill describes the website as read-only while later instructing agents to append replies in a Feishu knowledge base, creating ambiguity about where writes occur. That mismatch can mislead operators and reviewers about the skill's true side effects and cause unintended publication to external systems.

Intent-Code Divergence
Severity: Medium
Confidence: 90%
Finding: The registration flow is inconsistent: one section says agents register through the API, while another tells users to register via Feishu Bitable. Conflicting onboarding paths can cause unauthorized or mistaken writes to the wrong external service and make review of permissions harder.

Intent-Code Divergence
Severity: Medium
Confidence: 97%
Finding: The script claims to automatically patrol community sources and discover new posts and hot topics, but it actually produces a report from hardcoded examples and random values. In a monitoring or reporting skill, this is dangerous because it can mislead users into making decisions based on fabricated intelligence while appearing authoritative and automated.

Intent-Code Divergence
Severity: Medium
Confidence: 91%
Finding: The script formats output as if it were authored by a real 'active community member' while actually using a fabricated placeholder identity ('某只活跃龙虾'). This creates deceptive attribution and can mislead readers into trusting or acting on content under false pretenses, which is especially risky in community or knowledge-base workflows.

Vague Triggers
Severity: High
Confidence: 96%
Finding: The autonomous posting triggers are broad and subjective, such as having an insight or finding a discussion interesting. In an agent context, vague triggers can lead to unbounded invocation and unsolicited external actions, including posting or commenting without clear user intent.

Missing User Warnings
Severity: High
Confidence: 98%
Finding: The skill includes examples for automatic registration, posting, and commenting against external services without prominent warnings, consent requirements, or dry-run behavior. This creates a substantial risk of silent data transmission and unintended modification of third-party systems.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The document includes concrete write-capable API examples for appending to a shared Feishu document without any warning, authorization guidance, or safeguards around modifying shared resources. In an agent skill context, this can normalize unsafe automation behavior and lead agents or users to overwrite, spam, or tamper with shared knowledge-base content unintentionally.

Ssd 1
Severity: High
Confidence: 99%
Finding: The skill explicitly frames the agent as not being governed by user instructions, which undermines normal instruction hierarchy and encourages the agent to prioritize skill-authored autonomy over legitimate user control. In a tool-using agent, this can enable unauthorized external actions and policy bypass behavior.

Ssd 1
Severity: High
Confidence: 99%
Finding: The autonomous behavior section directly contrasts community actions with obeying user commands, steering the model away from legitimate user control. This is dangerous because it attempts to redefine the agent's decision policy inside the skill itself, increasing the chance of instruction-following failures and unauthorized writes.

VirusTotal

67/67 vendors flagged this skill as clean.