Terabox Link Extractor

Security checks across malware telemetry and agentic risk

Overview

The skill’s main TeraBox link extraction purpose is coherent, but its optional download mode can write files outside the promised Downloads folder and its third-party data sharing is not disclosed consistently.

Install only if you are comfortable sending TeraBox links and a dedicated XAPIverse API key to xapiverse.com. Prefer using the link-extraction flow, and avoid the CLI --download mode until the author sanitizes provider file names and validates the final resolved download path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding:
The skill declares use of an environment variable containing a secret API key, but the skill manifest does not clearly declare corresponding permissions despite operational dependence on secret-bearing runtime capabilities. This weakens transparency and reviewability, making it easier for a skill to access sensitive configuration without explicit user or platform scrutiny.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented purpose is link extraction, but the behavior reportedly includes downloading remote files, following redirects, and writing content into a local Downloads directory. That is a material expansion of capability from metadata alone and can expose the host to unwanted file writes, storage abuse, malicious payload retrieval, or stealthy persistence of downloaded content.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The README says to provide 'any valid TeraBox URL' and notes the skill can be 'automatically triggered by the agent,' which is an overly broad activation condition for a tool that sends user-provided links to an external extraction service. This increases the chance of unintended invocation on sensitive or untrusted URLs and can cause unnecessary disclosure of user data or misuse of third-party content workflows.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README describes direct extraction via the 'browser-less XAPIverse API' but does not clearly disclose that submitted TeraBox URLs are transmitted to an external API provider. This omission can mislead users about data flow and privacy, especially if links contain personal, private, or access-controlled content identifiers.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill states that the full target URL and the TERABOX_API_KEY are transmitted to a third-party service, but only discloses this 'if asked' instead of proactively before use. Because URLs can contain sensitive tokens and the API key is a secret, failing to warn users up front undermines informed consent and increases the risk of unintended disclosure to an external service.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The changelog explicitly states the skill was optimized to make the LLM trigger extraction automatically, without describing narrow activation constraints. In a skill that sends user-supplied TeraBox URLs to a third-party API, broad auto-trigger behavior can cause data transmission without clear user intent or consent, increasing privacy and surprise-action risk.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding:
The changelog records a prior design goal to force automatic execution, while later entries claim a consent protocol was added to prevent unsolicited third-party transmission. This conflict is dangerous because it suggests inconsistent security expectations and raises the risk that some manifests, prompts, or code paths still encourage execution before consent.

VirusTotal

64/64 vendors flagged this skill as clean.
