Sunflower Remote Control (向日葵远程控制)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a remote-control skill, but its generic MCP tool forwarding and limited safety disclosures make its effective authority too broad to install casually.

Install only if you intend to use it for systems you own or are authorized to administer. Before use, confirm exactly which MCP server and tools are reachable, restrict it to the intended remote-control operations, and require explicit confirmation before screenshots, remote commands, file changes, port forwarding, shutdown, reboot, or wake actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill exposes MCP-backed capabilities without declaring permissions or trust boundaries, which makes the effective power of the skill opaque to users and reviewers. In this context, the skill can initiate remote control, command execution, screenshots, and power actions, so missing permission disclosure materially increases the risk of unauthorized or poorly understood high-impact operations.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: A description-behavior mismatch is highly dangerous because the skill presents itself as a remote-control toolkit while apparently acting as a generic MCP proxy that can enumerate and invoke arbitrary tools from configured servers. That breaks user expectations and expands the attack surface far beyond the documented remote-control scope, potentially enabling access to unrelated privileged actions, data sources, or automation backends.

Missing User Warnings

Medium
Confidence: 86%
Finding: The README actively promotes remote desktop control, screenshot capture, and command execution on remote machines, but it does not include clear privacy, authorization, or system-impact warnings. In a skill specifically designed for remote control, omission of guardrails increases the risk of misuse, unauthorized access, and accidental destructive actions by users or downstream agents.

Missing User Warnings

Medium
Confidence: 88%
Finding: The skill openly supports remote command execution, live desktop control, screenshots, and power operations, all of which can affect system integrity, availability, and privacy, yet it provides no explicit warning or consent guidance. In a remote-administration context, these are sensitive actions that can easily be abused for surveillance, disruption, or unauthorized changes if operators are not clearly alerted to their impact.

Missing User Warnings

Medium
Confidence: 95%
Finding: The executor accepts a JSON tool call from the command line and forwards it directly to any MCP tool exposed by the configured server, with no allowlist, policy checks, or confirmation for dangerous actions. In the context of an awesun remote-control skill, those tools can plausibly perform sensitive operations such as remote command execution, desktop control, or power management, so unrestricted invocation materially increases the chance of destructive or unauthorized actions.

VirusTotal

66/66 vendors flagged this skill as clean.
