德胧 External Web Public Opinion Collection Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed hotel-industry web monitoring and report-pushing workflow, but users should review its broad triggers, optional third-party tools, and Feishu delivery settings before enabling automation.

Install only if you intend to run hotel-industry external monitoring and possibly send reports to Feishu. Before use, replace any example chat ID, confirm the recipients, schedule, timezone, and keywords, keep scheduled delivery disabled until explicitly needed, and independently vet optional AutoCLI or Lark tooling before authorizing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The skill metadata and description present AutoCLI and Feishu push as already integrated capabilities, but the declared tool override only includes web_search and later sections admit AutoCLI is not installed and Feishu requires separate plugin/auth setup. This can mislead operators into believing the skill has vetted, built-in outbound collection and delivery behavior, causing unsafe deployment assumptions and incorrect trust in what the skill actually does.

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The architecture section depicts AutoCLI as an active core component in the data source layer even though later text says it is not installed and depends on future network recovery/manual deployment. Misrepresenting unavailable scraping capability increases the chance that users rely on unsupported collection paths or attempt ad hoc installation of a powerful external scraping tool without proper review.

Vague Triggers

Medium (94% confidence)
Finding
The trigger list includes very common terms such as '搜索', '监控', '情报' and '行业动态', which can cause the skill to activate during unrelated normal conversations. Because this skill performs external information collection and may push results automatically, accidental invocation can lead to unintended data gathering, noisy automation, and message delivery to downstream systems.

Missing User Warnings

Medium (88% confidence)
Finding
The README advertises scheduled delivery and Feishu card pushing but does not warn users about the operational risks, such as unintended outbound messaging, disclosure of collected content to chat groups, or continuous background automation once installed. In a skill focused on external intelligence gathering, silent automation increases the chance of privacy, compliance, and reputation issues if configured incorrectly or triggered accidentally.

Vague Triggers

Medium (84% confidence)
Finding
The trigger list contains broad generic terms such as '搜索' and '监控' that can match many ordinary user requests and cause the skill to activate in contexts where users did not intend external intelligence gathering. In a skill that performs external search, monitoring, and possible message delivery, over-broad invocation increases the risk of unexpected data collection and outbound handling.

Missing User Warnings

Medium (95% confidence)
Finding
The skill describes scheduled external collection and automatic Feishu delivery, including a concrete group chat ID and cron-driven agent turn, without a strong user-facing consent boundary or repeated warning about ongoing outbound transmission. This is dangerous because it normalizes unattended exfiltration of collected summaries to external channels and could lead to accidental disclosure, persistent monitoring, or delivery to the wrong recipient.

VirusTotal

64/64 vendors flagged this skill as clean.
