ClawHub

每日从集思录抓取可转债基本数据、强赎倒计时、下修倒计时,支持Cookie管理和本地持久化存储

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for authenticated Jisilu automation, but it asks users to provide and persist a live browser session cookie without enough safeguards.

Install only if you are comfortable giving the skill access equivalent to your active Jisilu web session. Do not paste or save browser cookies unless you understand they can act like passwords; delete the saved JSON after use, restrict file access, and log out or rotate the session if the cookie may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly tells users to extract a live authentication cookie from their browser and provide it to the skill or save it in a local JSON file, but it does not warn that this cookie is effectively a bearer credential that can grant account access if exposed. In the context of an agent skill with local persistence and automation, this increases the chance of accidental leakage through files, logs, backups, or broader agent access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs storage of a login cookie in a local JSON file but provides no warning that this cookie is effectively an authentication secret. A stolen or reused session cookie can grant account access, so treating it like ordinary configuration data is unsafe.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script stores a live authentication cookie on disk in plaintext JSON under the skill directory, which creates a credential-at-rest exposure if the local filesystem, workspace, backups, or logs are accessible to other users or processes. In this skill’s context, the cookie is directly used to authenticate to a third-party account, so compromise of the file could enable unauthorized access to the user’s Jisilu session until the cookie expires or is revoked.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly tells the agent to ask the user for an authentication cookie, retain it, and reuse it for future requests. This converts the agent into a collector and custodian of live credentials, increasing the chance of account compromise, unintended disclosure, and misuse across sessions.

Ssd 3

High
Confidence
99% confidence
Finding
Directing users to extract a live browser session cookie from developer tools and paste it into the agent is highly dangerous because it bypasses normal authentication safeguards and trains unsafe credential-sharing behavior. Anyone with access to that cookie may be able to impersonate the user until expiration or revocation.

Ssd 3

High
Confidence
98% confidence
Finding
Persisting a user-provided session cookie to local storage creates a standing secret on disk that may be readable by other processes, backups, sync tools, or future agent runs. Because the cookie is reused automatically, compromise of the file can silently lead to continued unauthorized access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal