ClawHub

WeChat Channels Video Search

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it exposes the user’s TikHub API token in normal command output.

Install only after reviewing or patching the script to remove token printing. Avoid using sensitive search terms, use a least-privilege TikHub token if possible, and rotate the token if this version has already been run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'headers' from os.environ.get (line 58, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
print("token",token)
    print("DEBUG: url=", url)
    try:
        resp = requests.get(url, headers=headers, timeout=60)
        print(f"DEBUG: status_code={resp.status_code}", file=sys.stderr)
        print(f"DEBUG: response_text={resp.text[:500]}", file=sys.stderr)
        resp.raise_for_status()
Confidence
97% confidence
Finding
resp = requests.get(url, headers=headers, timeout=60)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script prints the full TikHub API token to stdout during normal execution, which can leak credentials into terminal scrollback, logs, orchestrator captures, chat transcripts, or other monitoring systems. Anyone with access to that output can reuse the token to access the associated third-party API account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill tells users to configure a TikHub bearer token and use an external API, but does not clearly disclose that user-entered search keywords and associated request metadata will be transmitted to a third-party service. This is a privacy and data-handling disclosure gap that can lead to unintended sharing of sensitive queries or operational information.

Missing User Warnings

High
Confidence
100% confidence
Finding
Printing a live API bearer token without warning or redaction is a direct credential exposure vulnerability. In an agent/skill context, stdout is often captured and surfaced to users or stored centrally, making accidental disclosure especially likely and materially increasing the risk of unauthorized API use.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal