1lou Auto Follow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed personal automation for checking 1lou drama updates, with notable but purpose-aligned local file, network, scheduled-check, and optional torrent actions.

Install only if you intentionally want automated 1lou update checks and are comfortable with scheduled network access, a local viewing watchlist, and optional torrent submission to qBittorrent. Review or change the hard-coded /Users/bluepop paths and 192.168.1.38 service addresses before use, and approve torrent downloads only for sources you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill instructs use of shell commands (`curl`) and local file operations but does not declare corresponding permissions or clearly bound execution scope. Undeclared shell capability is dangerous because it hides that the skill can perform network retrievals and manipulate local files, reducing user awareness and weakening permission-based controls.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding
The declared purpose suggests simple watchlist management and update checking, but the actual behavior includes reading a fixed local file, probing multiple external domains, and initiating torrent acquisition workflows. This mismatch is risky because users may consent to a benign-seeming skill without realizing it performs broader filesystem and network actions, including triggering downloads through qBittorrent.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger condition includes broad language such as responding to users asking about drama-related functions, which can cause the skill to activate during ordinary conversation. Overbroad activation is dangerous here because the skill has side-effecting behavior including network access, local file reads/writes, and possible torrent downloads, so accidental invocation can lead to unintended actions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill uses a fixed local path for the watchlist and later updates that file, but the description does not clearly warn users that local data will be read and modified. This is dangerous because hidden filesystem side effects can expose personal viewing data, overwrite user-maintained files, or create persistence the user did not knowingly approve.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill automatically probes multiple external domains and switches among them, but the description does not clearly disclose this network behavior. Automatic access to several fallback domains increases risk because users may not expect external communication, and domain-rotation logic can make it easier to contact untrusted or compromised endpoints without additional review.

Missing User Warnings

High
Confidence: 96%
Finding
The skill is capable of downloading torrent files via `curl` or a browser and adding them to qBittorrent, which can trigger further network downloads and persistent system-side changes, yet the description lacks a clear warning. In this context, that is especially dangerous because torrent addition is an active side effect that can consume bandwidth/storage, fetch untrusted content, and expose the user's IP to peers or trackers.

VirusTotal

64/64 vendors flagged this skill as clean.
