ClawHub

Sentiment Radar

Security checks across malware telemetry and agentic risk

Overview

This is a plausible sentiment-monitoring skill, but it needs review because it uses authenticated social sessions, live browser automation, retained scraped comments, and persistent changes to another crawler's configuration.

Review before installing. Use a dedicated social account and isolated browser profile, inspect or pin the MediaCrawler dependency, avoid the Douyin scraper unless you explicitly intend to use it, sanitize keywords, and treat generated reports/stdout as retained social-media content that may include location metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script rewrites another project's persistent config file in place, which creates side effects beyond the immediate run and can alter future behavior of that installation. Because the keywords are inserted directly into Python source text, crafted input containing quotes or newlines can also corrupt the config or inject unintended Python configuration content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs collection of public social media content, automatic comment fetching, and local JSON report storage, but does not warn users about data retention, privacy implications, or handling of scraped content. This increases the risk of unintentional collection and persistence of personal data, especially when aggregating cross-platform user-generated content for analysis.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill references authenticated access via OAuth and a local token file at ~/.mcporter/xpoz/tokens.json without warning that these credentials are sensitive. Users may expose, mishandle, or over-permission these tokens during setup or troubleshooting, which could lead to account compromise or unauthorized API use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script prints full structured analysis results to stdout and writes sampled comments with `ip_location` and comment text into a markdown report, which can expose personal or quasi-personal user data collected from social platforms. In this skill's market-intelligence context, exporting social-media content is expected, but doing so without minimization, redaction, or an explicit warning increases the risk of unintended disclosure when reports are shared, logged, or stored in less-controlled locations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The crawler silently performs persistent changes to an external installation without explicit user warning or consent, which is unsafe operationally and can surprise users or break other workflows. In a multi-skill workspace, this kind of hidden state mutation can have cascading effects on subsequent runs and troubleshooting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal