Book Recommender - 书籍推荐

Security checks across malware telemetry and agentic risk

Overview

This is a book recommendation and reading-list helper with local JSON storage, and I found no hidden network, credential, destructive, or unrelated behavior.

Install only if you are comfortable with a book helper saving reading-list and note data locally. Treat Douban ratings as built-in sample data unless a future version clearly adds live network lookup, and check where your runtime stores the generated JSON files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 87% confidence
Finding
The example trigger phrases are very generic natural-language requests such as asking for recommendations or ratings, which can easily overlap with ordinary conversation and cause the skill to activate unintentionally. In an agent environment, broad activation increases the chance of accidental invocation, unexpected data handling, or user confusion about which capability is responding.

Vague Triggers

Medium, 93% confidence
Finding
The trigger phrases are very broad and map to ordinary reading-related conversation, so the skill may activate in situations where the user did not intend to invoke it. Because the skill has both network access and file write capability, ambiguous invocation increases the chance of unintended external requests or persistence of user data.

Missing User Warnings

Medium, 96% confidence
Finding
The skill requests network and file-write permissions but does not clearly disclose what data is sent externally or where notes are stored. This creates a privacy and transparency risk because users may reveal reading habits, notes, or queries without understanding that the data may be transmitted to Douban or written to a local workspace file.

Missing User Warnings

Medium, 79% confidence
Finding
The skill persists user reading data to local JSON files without clearly disclosing that behavior to the user. In an agent or shared environment, silent persistence can create privacy risk, unexpected retention of personal preferences/notes, and possible cross-session exposure if other components or users can access the same files.

VirusTotal

64/64 vendors flagged this skill as clean.
