ClawHub

wewe-rss-deploy

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its stated purpose, but it deploys an account-linked RSS service with broad network exposure and a third-party relay without enough safety guidance.

Review before installing. Use a strong AUTH_CODE, prefer binding to 127.0.0.1 unless remote access is intentionally needed, avoid opening port 4000 to untrusted networks, and consider replacing the public PLATFORM_URL with a trusted or self-hosted relay. Only scan the WeChat Read login QR code if you trust the upstream WeWe RSS project and the configured relay. Back up the database before running uninstall commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the user to recursively delete the existing prisma directory without any backup or explicit warning that local schema changes may be lost. In an agent-execution context, destructive commands in setup docs are risky because they can remove user data or project state if the path is wrong or the directory contains non-default content.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Setting HOST=0.0.0.0 exposes the service on all network interfaces, but the skill does not warn the user that the RSS service and its admin UI may become reachable from other machines. In this context the app also uses an auth code and ingests account-linked content, so broad exposure materially increases attack surface and risk of unauthorized access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill recommends a public third-party forwarding service for WeRead traffic without any privacy or trust warning. That can route user reading-related requests and possibly sensitive metadata through an external operator, creating confidentiality, integrity, and availability risks outside the user's control.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The uninstall section deletes the project directory and configuration file without warning that local data, including the SQLite database and service state, may be permanently lost. In an automated skill, uninstall commands can be executed with little user scrutiny, making undocumented destructive cleanup unsafe.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal