Founder-HongYun Editor Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent publishing automation, but it can use authenticated sessions and WeChat credentials to make public or official publishing changes without strong final confirmation safeguards.

Install only if you trust the publisher and will supervise high-impact actions. Use least-privileged Founder-HongYun and WeChat accounts, prefer entering secrets only when needed, do not display or log raw cookies or AppSecrets, and require the assistant to show the exact article, account, preview, DOI targets, and API action before any publish, register, reminder, or submission step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes directly publishing an article to a WeChat public account after collecting content, but it does not require an explicit user confirmation immediately before the irreversible publish call. In an automation context, that creates a real risk of unintended public release of incorrect, confidential, or unreviewed material.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation recommends storing WECHAT_APP_SECRET in a shell environment variable without warning that environment variables may be exposed through shell history, process inspection, crash logs, CI output, or inherited subprocesses. Because this secret can authorize publication actions against the public account, weak handling increases credential exposure risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest explicitly defines sensitive inputs for WeChat publishing, including an AppID and AppSecret, but provides no warning about secure storage, restricted use, or whether those values may be transmitted through browser automation flows. In a skill that performs browser-based automation and API calls, undeclared secret-handling behavior increases the risk of accidental disclosure, misuse, or unsafe logging of credentials.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly states that users can ask to inspect the founder_cookie value, which normalizes disclosure of an authenticated session cookie. Anyone obtaining that cookie may be able to hijack the logged-in Founder platform session and perform actions as the user until expiry.

VirusTotal

VirusTotal findings are pending for this skill version.
