Weekly Menu 每周菜单

Security checks across malware telemetry and agentic risk

Overview

This meal-planning skill has a coherent purpose, but it should be reviewed because it handles Feishu credentials and includes overbroad Feishu document actions without clear guardrails.

Install only if you are comfortable letting the agent use Feishu credentials to create and edit documents, read meal preferences/history, search Xiaohongshu, download images, and store menu history. Use a least-privilege Feishu app and folder, avoid placing reusable tokens in MEMORY.md, confirm the target user before granting access, and do not allow the documented delete or move calls unless you explicitly request that exact operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability (Medium, 95% confidence)

Finding: The skill explicitly directs the agent to use a Feishu token stored in MEMORY.md, which is an unrelated credential source and expands access beyond what the meal-planning task should require. This creates a real risk of secret harvesting or misuse of broader account credentials, especially because the skill already performs external-service actions and document creation.

Context-Inappropriate Capability (Medium, 95% confidence)

Finding: The recipe guide includes API instructions to delete Feishu documents, which is not necessary for generating a weekly menu and materially expands the skill's action surface. In an agent context, documenting destructive operations without explicit scoping or confirmation can enable accidental or unauthorized data deletion if the skill or a downstream agent follows the guide too broadly.

Context-Inappropriate Capability (Medium, 92% confidence)

Finding: The guide grants `full_access` permissions to a user on a document, which exceeds the minimum needed for simply generating and storing a meal plan. Over-privileged sharing instructions can expose documents to modification, resharing, or misuse, especially if the target identity is selected dynamically by an agent.

Vague Triggers (Medium, 83% confidence)

Finding: The trigger conditions are broad enough to activate on common food-related requests, increasing the chance the skill runs without the user understanding that it will search external services, read profile data, and create documents. Over-broad invocation is dangerous here because the skill performs side effects and persists data, not just simple local text generation.

Missing User Warnings (Medium, 90% confidence)

Finding: The skill description does not clearly warn users that it will access profile data, query Xiaohongshu, download images, create a Feishu document, and store outputs/history. Lack of upfront disclosure undermines informed consent and can lead to unintended sharing of personal preferences and persistent file creation in connected services.

Missing User Warnings (Medium, 94% confidence)

Finding: The guide instructs the reader or agent to read `app_id` and `app_secret` from a local configuration file containing Feishu credentials, without any warning about sensitivity or restrictions on handling secrets. In an agent environment, normalizing access to local secrets can lead to unintended credential exposure, reuse beyond scope, or transmission to external services.

Missing User Warnings (Medium, 90% confidence)

Finding: The deletion instructions are presented as routine API usage with no warning, approval checkpoint, or confirmation guidance, despite being irreversible or disruptive in practice. In a skill reference consumed by agents, omission of such guardrails increases the chance of accidental destructive actions.

Natural-Language Policy Violations (Medium, 92% confidence)

Finding: The template hard-codes `country: CN` and `timezone: Asia/Shanghai`, which can silently impose a specific locale on users who may live elsewhere. In a meal-planning skill that schedules reminders and shopping/planning events, incorrect locale defaults can cause wrong timing, culturally mismatched recommendations, and unintended inference or storage of location-related profile data without explicit user confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.