Security audit

Young Post Downloader

Security checks across malware telemetry and agentic risk

Overview

The skill has a clear purpose, but it needs review because it runs an unsafe shell command for PDF conversion and treats Feishu cloud upload as part of the normal workflow without a clear consent step.

Install only if you intend the agent to fetch Young Post content, create local HTML/PDF files, and upload the generated PDF to Feishu. Use a trusted workspace path with no shell metacharacters, review the generated file before upload, and prefer a patched version that uses argument-based subprocess execution and asks before any Feishu transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
    """Convert HTML to PDF using Chrome"""
    log(f"转换 PDF: {html_path} -> {pdf_path}")
    cmd = f'google-chrome --headless --disable-gpu --print-to-pdf={pdf_path} --print-to-pdf-no-header --paper-size=A4 {html_path}'
    os.system(cmd)

def upload_to_feishu(file_path: str) -> bool:
    """Upload the file to Feishu cloud storage"""
Confidence
95% confidence
Finding
os.system(cmd)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to activate on generic requests like downloading articles or converting content to PDF, without clear limits on scope, article count, destination, or whether upload is desired. In an agent setting, overly broad activation can cause the skill to run unexpectedly, perform bulk scraping, or upload files when the user only intended local retrieval or summarization.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Although Feishu upload is mentioned later, the skill description and opening sections do not prominently warn that generated files may be uploaded to Feishu cloud storage as part of the workflow. This weak disclosure can mislead users about where scraped content will go, creating privacy, compliance, and data handling risks if uploads happen by default or are assumed implicit.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script automatically uploads the generated PDF to Feishu, which transmits collected content to an external service without any explicit user confirmation, notice, or configurable opt-in. In an agent context, silent external upload increases data leakage risk, especially if downloaded content or generated files contain sensitive or unexpected material.

VirusTotal

65/65 vendors flagged this skill as clean.
