公众号文章诊断助手 (WeChat Official Account Article Diagnostic Assistant)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine WeChat Official Account article review skill, but it sends drafts, documents, links, and profile context to an external AI service (ai-skills.ai) without a strong consent boundary.

Install only if users are comfortable sending article drafts, uploaded review files, public article links, audience and goal details, brand restrictions, tenant metadata, and possible profile context to ai-skills.ai under their API key. Avoid confidential client work, unpublished proprietary marketing plans, regulated content, or sensitive personal data unless that provider's data handling is approved, and require explicit confirmation before invoking the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium (95% confidence)

Finding
The runner sends all user-provided parameters to a remote ai-skills.ai API, which is materially different from what a user expects of a local copy-review helper. This is a real data-disclosure risk: potentially sensitive draft content leaves the host without any in-code notice, consent gate, or minimization.

Vague Triggers

Severity: Medium (87% confidence)

Finding
The trigger description is broad enough to match common writing-help requests, so the skill can activate unexpectedly and capture article text, links, or files when the user did not intend to invoke this external-service workflow. Because the skill forwards content to a third-party API, overbroad triggering materially increases privacy and data-handling risk.

Vague Triggers

Severity: Medium (90% confidence)

Finding
The invocation conditions describe many generic content-analysis situations without strong activation boundaries, so the skill may be selected for ordinary editing or summarization requests. Here that ambiguity is dangerous because users may unknowingly send proprietary drafts, documents, or URLs to an external API without realizing a separate tool is being used.

Missing User Warnings

Severity: Medium (97% confidence)

Finding
The documentation says links and files can be provided and that the runner sends parameters to the AI Skills API, but it presents no clear user-facing warning that article text, URLs, and uploaded documents are transmitted to an external service. This is a real data-exposure issue: users may include unpublished drafts, internal review files, or sensitive marketing material on the assumption that processing is local.

Vague Triggers

Severity: Medium (95% confidence)

Finding
The skill allows implicit invocation with no visible trigger constraints, exclusions, or narrowing conditions. That raises the chance the agent will auto-select this skill in unintended contexts, causing prompt-routing mistakes, unexpected data exposure to the skill, or content processing outside the user's clear intent.

Missing User Warnings

Severity: Medium (94% confidence)

Finding
The code transmits raw user params together with authenticated headers to a remote endpoint with no user-facing warning or indication that content leaves the local environment. In a content-review skill, users may paste unpublished marketing copy, customer information, or internal documents, so silent transmission raises privacy and compliance risk.
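The Description-Behavior Mismatch and Missing User Warnings findings above describe a runner that forwards every parameter, with the API key attached, and no notice or gate. The block below is an added example written for this page, not the skill's own code, showing that silent pattern next to a consent-gated, field-minimizing, scrubbed alternative. The endpoint path, the field names, the redaction patterns and the sample parameters are all assumptions; the page only names the provider (ai-skills.ai) and the categories of data sent.

```python
"""
Added example (not the skill's own code): a consent-gated, data-minimizing
outbound call beside the silent pattern the findings describe.
The endpoint path, field names, patterns and sample input are assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumed endpoint: the page names the provider but no URL path.
ENDPOINT = "https://ai-skills.ai/v1/review"

# Only what a copy review actually needs leaves the host. Tenant metadata,
# profile context and brand restrictions are dropped before transmission.
ALLOWED_FIELDS = frozenset({"article_text", "audience", "goal"})

# Minimal pre-transmission scrubbing for data that should never be pasted
# into a third-party prompt. Illustrative, not exhaustive.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(?:api[_-]?key|token|secret)\s*[:=]\s*\S+"),
    re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),  # e-mail addresses
    re.compile(r"\b1[3-9]\d{9}\b"),              # mainland China mobile numbers
]


class ConsentRequired(Exception):
    """Raised when the caller has not explicitly approved the transmission."""


@dataclass
class OutboundRequest:
    """What would be POSTed; the network call itself is deliberately omitted."""
    url: str
    headers: dict
    body: dict
    dropped_fields: list = field(default_factory=list)
    redactions: int = 0


def silent_runner(params, api_key):
    """The pattern the findings describe: every param forwarded, key attached,
    no notice and no gate."""
    return OutboundRequest(ENDPOINT, {"Authorization": f"Bearer {api_key}"}, dict(params))


def redact(text):
    """Replace matches of SECRET_PATTERNS; return (scrubbed text, match count)."""
    count = 0
    for pattern in SECRET_PATTERNS:
        text, n = pattern.subn("[REDACTED]", text)
        count += n
    return text, count


def transmission_notice(params):
    """The user-facing warning the findings say is missing: what leaves the
    host, where it goes, and what stays local."""
    sent = sorted(k for k in params if k in ALLOWED_FIELDS)
    kept = sorted(k for k in params if k not in ALLOWED_FIELDS)
    return (f"This skill will send {', '.join(sent)} to {ENDPOINT} under your API key. "
            f"Not sent: {', '.join(kept) or 'nothing else'}.")


def prepare_request(params, api_key, *, consent):
    """Build the minimized, scrubbed request. Refuses without explicit consent."""
    if not consent:
        raise ConsentRequired(transmission_notice(params))
    body, dropped, redactions = {}, [], 0
    for key, value in params.items():
        if key not in ALLOWED_FIELDS:
            dropped.append(key)
            continue
        if isinstance(value, str):
            value, n = redact(value)
            redactions += n
        body[key] = value
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    return OutboundRequest(ENDPOINT, headers, body, sorted(dropped), redactions)


# Constructed sample input: what an agent might hand the runner.
SAMPLE_PARAMS = {
    "article_text": "Q3 launch draft. Reviewer contact: editor@example.com.",
    "audience": "existing customers",
    "goal": "drive sign-ups",
    "tenant_id": "tenant-0042",
    "profile_context": "account manager, enterprise segment",
    "brand_restrictions": ["no competitor names"],
}

if __name__ == "__main__":
    print(transmission_notice(SAMPLE_PARAMS))
    req = prepare_request(SAMPLE_PARAMS, "sk-example", consent=True)
    print(req.body, req.dropped_fields, req.redactions)
```

The gate, the allowlist and the notice are the three things the findings say are absent: the caller must pass `consent=True` after seeing exactly which fields go where, anything outside the allowlist never reaches the request body, and obvious credentials and contact details are scrubbed from the text that does go. The actual POST is left out so the block runs offline; in a real runner it would be the only place the request object is consumed.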

VirusTotal

VirusTotal findings are pending for this skill version.
