德牧洒洒·房车陪伴助手

Security checks across malware telemetry and agentic risk

Overview

This looks like a local demo assistant rather than malware, but it presents fake navigation, email, meeting, and camera actions as completed real-world tasks.

Install only if you understand this behaves like a scripted local demo, not a real vehicle or productivity assistant. Do not rely on its messages as proof that navigation, email, meeting, camera, or search actions actually occurred, and avoid entering sensitive voice or text content until the privacy notice and DOM-injection issue are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (97% confidence)
Finding
The UI and response logic present simulated actions as if they were real system integrations, such as launching navigation, checking email, or opening Tencent Meeting. This is dangerous because users may rely on false operational status in driving or communications scenarios, causing trust violations and potentially unsafe decisions.

Description-Behavior Mismatch

Medium (98% confidence)
Finding
The skill fabricates concrete results such as unread email counts, nearby gas stations, traffic conditions, and successful photo capture without performing those operations. In a vehicle-assistant context, fabricated state can mislead users into believing critical tasks were completed or that situational data is current when it is not.

Vague Triggers

Medium (88% confidence)
Finding
The activation keywords are broad and include common terms such as '导航', '高德', and '腾讯会议', which can cause the skill to trigger during ordinary conversation rather than through a clearly intentional invocation. Because this skill can control navigation, email, search, meetings, and apps, unintended activation materially increases the chance of accidental commands affecting external services or exposing user data.

Missing User Warnings

Medium (91% confidence)
Finding
The skill description advertises capabilities that interact with external applications and user data, including email reply, web search, meeting joining, and app control, but does not warn users about privacy, consent, or the consequences of voice-triggered actions. In this context, the omission is security-relevant because users may not realize the skill can act on their behalf in other apps, making accidental disclosure, unintended messaging, or unauthorized app actions more likely.

Missing User Warnings

Medium (86% confidence)
Finding
The page starts speech recognition after a button click but provides no user-facing disclosure about how speech is processed, whether the browser or platform may send audio/transcripts to external services, or what data is retained. This creates a privacy transparency issue, especially because voice input may capture sensitive content in a personal or in-vehicle environment.

VirusTotal

66/66 vendors flagged this skill as clean.