ClawHub

得到 Skill

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Dedao download purpose, but it asks the agent to install an unverified external binary and offers unsafe cookie-based login guidance.

Install only if you are comfortable running a third-party dedao-dl binary from GitHub. Prefer QR login over cookie login, avoid pasting session cookies into commands or chats, verify the active Dedao account before downloads, and approve any full-course or large download explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to run installation and helper scripts and to interact with a networked CLI, but there is no declared permission model or safety boundary described for shell/network access. In an agent environment, this increases the chance of unintended command execution, remote binary download, or external service interaction without explicit user awareness or platform mediation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill tells the operator to pass a raw cookie string directly on the command line for authentication, with no warning about credential sensitivity. Command-line secrets are commonly exposed via shell history, process listings, logs, agent transcripts, and telemetry, which can lead to account takeover if the cookie is reused or still valid.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer downloads a release asset from the network and writes it directly as an executable in the current directory, then marks it executable on Unix-like systems. Even though this is expected installer behavior, it lacks integrity verification, explicit trust confirmation, and clear warning before placing a runnable binary on disk, which increases supply-chain and accidental-execution risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal