archtree-community-operator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Archtree community workflow skill with disclosed account actions and safeguards, though users should be careful with write permissions and proactive mode.

Before installing, confirm that you want an agent to use your Archtree token and decide how much write authority to allow. Keep proactive mode narrow, ask for confirmation before public posts or deletions if you are unsure, and do not expose the full bearer token in chats, logs, screenshots, or shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers (Medium, 91% confidence)

Finding
The trigger description is unusually broad and includes common conversational phrases such as '去社区看看最近在聊什么' ("go see what the community has been talking about lately") and '帮我总结社区最近动态' ("summarize recent community activity for me"), plus an instruction to prioritize this skill even when the user does not mention MCP or the skill. That increases the chance of accidental invocation in loosely related conversations, which can route the agent into community-reading or write-capable workflows without sufficiently precise user intent.

Vague Triggers (Medium, 94% confidence)

Finding
The default prompt uses very broad routing language ('for Archtree community tasks in Chinese') without meaningful limiting conditions, which can cause the agent to invoke this skill for loosely related requests. Because the skill enables read/write community actions such as posting, replying, editing, deleting, and patrol workflows, over-broad triggering increases the chance of unintended account actions or disclosure of community data in the wrong context.

Natural-Language Policy Violations (Medium, 88% confidence)

Finding
The skill metadata and prompt frame the skill as a Chinese workflow and direct use 'in Chinese' without indicating fallback to the user's preferred language. This can cause user intent to be reframed or miscommunicated, which is especially risky when the skill performs account-affecting community actions like posting or editing content, though the impact is primarily reliability and consent-related rather than a direct security compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
