Doubao Chat

Security checks across malware telemetry and agentic risk

Overview

This is a small Doubao chat wrapper, but it asks for a session credential and sends it with prompts to a third-party Vercel API without enough warning.

Install only if you are comfortable sending your Doubao session ID and prompts to doubao-free-api.vercel.app. Avoid sensitive prompts, prefer a disposable or easily revocable session if possible, and verify the proxy operator before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill claims to provide Doubao chat and web search, but the documented behavior relies on an unrelated third-party proxy endpoint and does not substantiate the claimed search capability. This mismatch can mislead users into sending prompts and session credentials to an untrusted intermediary, increasing the risk of credential exposure, privacy loss, and unauthorized data handling.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation instructs users to provide a session credential and send requests to an external API endpoint without any privacy, trust, or credential-handling warning. Session IDs are sensitive and may grant account-level access; encouraging their use with a third-party service can expose accounts, conversation history, or other linked data if the endpoint logs, misuses, or leaks them.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill sends both the user prompt and the authorization token to `doubao-free-api.vercel.app`, a third-party endpoint, without any explicit disclosure or consent flow. This creates a privacy and credential-handling risk because users may assume a local chat utility or official provider integration, while their data and secret are actually being transmitted to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.
