ClawHub

头条文章阅读

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-based article reader and summarizer, with privacy caveats around opening links and caching extracted article text locally.

Install only if you want an agent to open article links in an automated browser and extract their contents. Do not use it on private, confidential, paywalled, internal, or sensitive pages unless you are comfortable with the extracted text being cached locally in the skill folder and shown/exported by the tool. Confirm the target URL before use, and consider clearing the cache after processing sensitive articles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation examples are generic everyday phrases like '阅读这篇文章' and '分析这篇文章', which can cause the skill to activate in situations broader than intended. In an agent environment, overly broad triggers increase the chance of unintended browser automation against user-provided links or ambiguous references, which can expand attack surface and enable prompt-trigger confusion.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code sends extracted article content, title, and platform data to an external AI summarizer without any explicit user notice, consent, or visible disclosure at runtime. If the summarizer uses a remote service, this can leak scraped content or sensitive browsing targets to third parties, creating a privacy and data-governance risk rather than a direct code-execution issue.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal