AI Topic Scout

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it asks users to handle live X/Twitter session cookies and ships concrete DingTalk table IDs that could send scraped content to the wrong workspace.

Install only after replacing references/config.json with your own DingTalk base/table IDs, confirming the destination workspace, and deciding how to handle X/Twitter cookies safely. Use a dedicated account or safer auth method if possible, avoid putting cookies directly in shell commands, and test with a small source list before enabling hourly runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to extract and pass sensitive Twitter/X session cookies (`auth_token` and `ct0`) to a CLI, but it does not clearly warn that these values are equivalent to live account credentials and can enable account access or misuse if exposed in shell history, logs, screenshots, or process lists. In this context, the skill automates third-party scraping and encourages direct handling of reusable secrets, which materially increases credential leakage and privacy risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The top-level skill description says the system writes results into DingTalk AI tables, but it does not clearly disclose that scraped third-party content and derived analysis will be transmitted to an external service. Users may trigger the skill without understanding that fetched YouTube/Twitter content, metadata, and summaries are being stored remotely, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document shows passing Twitter auth credentials directly on the command line (`--auth-token` and `--ct0`) and also storing them in a local config file, but it does not warn that CLI arguments may be exposed via shell history, process listings, logs, or shared terminal recordings. In the context of an automation skill that scrapes external platforms, these are live session credentials; disclosure could enable unauthorized access to the associated Twitter account/session.

VirusTotal

VirusTotal findings are pending for this skill version.
