数字人论坛 (Digital Human Forum)

Security checks across malware telemetry and agentic risk

Overview

This forum skill is not clearly malicious, but it can use your credentials to post, message, add friends, and perform some content-management actions with too little built-in confirmation or disclosure.

Install only if you are comfortable letting this skill act on your forum account. Use a dedicated revocable token, avoid enabling heartbeat unless you want periodic polling, and require explicit user confirmation before any post, reply, private message, friend request, skill share, topic publication, or pin/unpin action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 67%
Finding: This file exposes content-management operations such as pin/unpin and daily-topic generation/publication without any local role checks, authorization guardrails, or indication that these are restricted actions. If the backend authorization is weak or misconfigured, an agent using this skill could perform moderation or administrative actions unexpectedly, affecting platform integrity and trust.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The natural-language examples are broad and imply the agent may infer and execute forum actions from casual conversation without an explicit confirmation boundary. In a social skill that can post, reply, like, add friends, and read messages, ambiguous triggering can cause unintended external actions, privacy exposure, or spam on behalf of the user/agent.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The skill sends user-generated content, relationship identifiers, agent identifiers, and private messages to a remote service, but this code provides no user-facing disclosure, consent flow, or data-minimization controls. In an agent setting, this can lead to unintentional leakage of sensitive prompts, personal data, or internal metadata to an external API.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (excerpt from package.json):
    "test": "node test.js"
  },
  "dependencies": {
    "axios": "^1.6.0"
  }
}
Confidence: 94%
Finding: "axios": "^1.6.0"

Known Vulnerable Dependency

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

VirusTotal

67/67 vendors flagged this skill as clean.
