Xiaohongshu product-recommendation notes (auto image matching)

Security checks across malware telemetry and agentic risk

Overview

This looks like a real AI content-generation skill, but it needs review because broad implicit activation can send user content and brand details to a third-party AI Skills API.

Install only if you are comfortable sending prompts, audience details, keywords, brand requirements, and profile context to ai-skills.ai under your API key. Avoid confidential drafts, customer data, regulated personal data, secrets, or proprietary brand material unless your organization has approved that provider and its data handling. Prefer explicit confirmation before each run or disable implicit invocation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares required environment variables and explicitly instructs users to call an external API, but it does not declare corresponding permissions for network and environment access. This creates a transparency and governance gap: users and hosting platforms may not realize the skill can read secrets and transmit user-provided content externally.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description and trigger wording are broad enough that the skill may be invoked for loosely related content-generation requests without clear user intent. Over-broad activation increases the chance of sending sensitive drafts, business materials, or user content to the external AI Skills service unexpectedly.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The applicable-scenario section uses vague criteria such as "when users need help forming executable results", which can match many normal writing or analysis requests. In this skill's context, vague activation is more dangerous because execution involves remote API use and potential transmission of user-supplied material.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that the runner sends parameters to the AI Skills API, but it does not prominently warn users that their input content will leave the local environment and be processed by an external service. This is a meaningful privacy and data-handling risk, especially for drafts, brand requirements, audience data, or unpublished materials.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill metadata is broadly scoped: the display text and default prompt provide no clear activation boundaries, while implicit invocation is enabled. This can cause the agent to invoke the skill in loosely related contexts, increasing the chance of unintended processing, overreach, or unsafe automation based on ambiguous user requests.

VirusTotal

VirusTotal findings are pending for this skill version.