Kechuang Collection

Security checks across malware telemetry and agentic risk

Overview

This appears to be a lead-monitoring skill, but it needs review because it describes ongoing background monitoring, notifications, and retained local lead files without clear user controls.

Review before installing. Only use it if you can explicitly choose the monitored sources, target entities, run interval, output location, and notification channel, and confirm there is a documented way to list and disable any background task. Treat generated lead files as sensitive business data, especially on shared or managed machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill documents use of CronCreate and PushNotification in its execution flow even though those capabilities are not declared in allowed-tools. This creates a mismatch between the advertised behavior and the permission model, which can mislead reviewers and users about what the skill can actually persist or trigger, and may encourage unsafe implementation workarounds outside the declared tool boundary.

Vague Triggers

Medium
Confidence: 89%
Finding
The description advertises continuous 7×24 monitoring of broad public internet sources and KPI-based filtering without stating clear activation boundaries, user consent requirements, or scope limits. Broad trigger language can cause the skill to activate in unintended contexts and initiate large-scale collection behavior that may exceed user expectations, organizational policy, or least-privilege principles.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill states that scan results are saved persistently to a desktop leads-output directory, but it does not clearly warn the user that local files will be written and retained. Persistent storage can expose search history, monitored targets, and operational notes to other local users or processes, especially on shared or managed endpoints.

Missing User Warnings

Medium
Confidence: 93%
Finding
The monitor mode describes creating a recurring background task and sending notifications without a clear warning that automation will continue after the initial invocation. Persistent automation can generate repeated network access, ongoing local logging, and surprise notifications, which is risky in enterprise environments and could violate user expectations or policy if enabled silently.

VirusTotal

64/64 vendors flagged this skill as clean.
