File Upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by uploading files, but users should review it because the documented destination and retention behavior do not match the code clearly enough for a file-sharing tool.

Install only if you trust this internal BS3 environment and can verify the actual endpoint, bucket, CDN domain, and retention policy. Avoid using it for secrets, personal data, confidential reports, or regulated files unless the upload destination and access controls are confirmed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 94%

Finding
The function returns a plain static object URL while claiming the link is valid for only 7 days, but there is no code that generates a time-limited signed URL or enforces object expiration. This can mislead users into sharing sensitive files under the false assumption of limited exposure, causing longer-than-expected availability if bucket/object permissions allow access.

Vague Triggers

Severity: Medium
Confidence: 78%

Finding
The activation examples are broad enough to match routine requests like 'save this data' or 'upload this screenshot,' which can cause the agent to invoke a file-upload skill in situations where the user may not understand that a shareable URL will be created. In the context of an unauthenticated internal storage target, this broad triggering increases the chance of unintended disclosure of sensitive files or generated content.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The skill advertises file upload and URL generation without clearly warning that uploaded content becomes shareable, which materially increases the risk that users or agents disclose confidential documents, screenshots, or internal data unintentionally. In this context the danger is heightened because the storage is no-signature internal BS3 and the workflow is optimized for easy sharing, reducing friction for accidental exposure.

VirusTotal

66/66 vendors flagged this skill as clean.