ClawHub

CreBee-新媒体多平台分发工具

Security checks across malware telemetry and agentic risk

Overview

This is a real social-media automation skill that is purpose-aligned, but it gives an agent broad live publishing and account-data access without enough approval, scoping, or privacy guidance.

Install only if you intentionally want an agent to operate your CreBee-connected social media accounts. Before any publish or cancel action, require explicit confirmation of the exact accounts, platforms, content, visibility, and timing. Treat Bearer tokens, account IDs, local paths, analytics, comments, revenue, and fan-profile data as sensitive, and independently review the local CreBee gateway and its permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill enables bulk posting across multiple social-media platforms and access to account analytics and audience-profile data, but the documentation does not warn about irreversible publication, privacy implications, or the sensitivity of fan demographics and account-linked data. In an agentic setting, this omission increases the chance that an agent performs high-impact actions without explicit user confirmation or adequate data-handling safeguards.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes a fan portrait endpoint that returns user demographic and device-profile data, but it provides no privacy, consent, minimization, retention, or access-control guidance. In a social-media automation skill, this omission can normalize collection and downstream use of personal or profiling data without adequate safeguards, increasing the risk of privacy violations and noncompliant processing.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document describes batch publishing and task cancellation operations that directly affect live social media accounts, but it does not clearly warn that these actions can immediately publish external-facing content or modify queued production tasks. In an agent skill context, this omission increases the risk of unintended public posting, brand damage, or unauthorized operational changes if a user or downstream agent misunderstands the side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to provide local absolute file paths and bearer tokens and later exposes WebSocket/SSE connection details, but it lacks handling guidance for sensitive filesystem paths, credentials, and event payload data. In an agent-driven environment, this can lead to accidental disclosure of local machine structure, token leakage in logs, or unsafe propagation of sensitive publishing metadata to untrusted components.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal