ClawHub

Movie Recommender - 电影推荐

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent movie recommendation helper that uses Douban lookups and local JSON files, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable with movie searches being sent to Douban and with watched or want-to-watch data being saved locally as JSON files. Delete the generated JSON files if movie preferences are sensitive on your device.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Low
Confidence
83% confidence
Finding
The README states that viewing history and watchlist are stored in local JSON files, but it does not clearly warn users that personal preference data will persist on disk. While this is not an active exploit by itself, it is a real privacy weakness because users may unknowingly leave behind behavioral data that could be exposed to other local users, backups, or shared environments.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill advertises Douban score lookups and later mentions web scraping/API use, but it does not clearly inform users that movie titles and queries may be transmitted to external services. This creates a transparency and privacy issue because user interests and request content may be disclosed off-device without explicit notice or consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger rules are very broad and match ordinary movie-related conversation, so the skill may activate in contexts where the user did not intend to invoke it. That increases the chance of unintended network access, recommendations, or file operations under a mistaken routing decision, especially because the skill also declares network and local file permissions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill says it stores viewing history and wish lists in local files, but it does not clearly warn users that this data persists on disk or describe the privacy implications. Movie preferences, ratings, and comments can reveal sensitive interests or habits, and silent persistence can violate user expectations or lead to later exposure on a shared system.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill silently persists watched-history and want-to-watch data to local JSON files without clearly informing the user that personal preference/history data is being stored. While the data is local and relatively low sensitivity, undisclosed retention can still create privacy risk, especially on shared systems or in agent environments where users may assume requests are ephemeral.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
User queries are sent to an external movie service through search calls without disclosure that query content may leave the local environment. Even if the queries are usually just movie titles or moods, they can contain personal preferences or free-form text, so undisclosed third-party transmission creates a real privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal