article-architect

Security checks across malware telemetry and agentic risk

Overview

This article-outline skill requires reading a Feishu personal-information document and saving output to a fixed Feishu folder without clear user opt-in.

Install only if you intentionally want the agent to access your Feishu personal-information document and save generated drafts into the specified Feishu folder. Before use, verify that the document and folder are yours, remove secrets or private account details, and require the agent to show what it will read and where it will save before allowing Feishu access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium. Confidence: 95%.
The skill metadata presents a content-planning capability, but the instructions expand behavior to writing files into an external Feishu folder. This is a scope mismatch that can cause unintended data exfiltration or unauthorized side effects because a user invoking an outline skill would not reasonably expect persistent external writes.

Description-Behavior Mismatch

Severity: Medium. Confidence: 97%.
The manifest describes article-outline generation, but the skill requires reading a separate Feishu document containing detailed personal and target-user information before starting. This hidden data-access prerequisite violates least surprise and expands the skill into personal-data retrieval without clear user awareness or necessity.

Context-Inappropriate Capability

Severity: Medium. Confidence: 93%.
Mandating access to a detailed personal-information document is not obviously necessary for generating a general article outline and creates unnecessary exposure of sensitive data. If that document contains more information than needed, the skill may ingest and propagate personal details into outputs or downstream storage.

Missing User Warnings

Severity: Medium. Confidence: 96%.
The skill instructs saving generated content to an external Feishu folder without a clear user-facing warning or consent flow. Writing user-derived content to a third-party location can expose confidential strategy, drafts, or embedded personal details beyond the expected chat interaction.

Missing User Warnings

Severity: Medium. Confidence: 96%.
The skill requires reading personal data from a Feishu document before proceeding but does not warn the user that their personal information will be accessed and used for generation. This undermines informed consent and can lead to unexpected processing of sensitive profile and audience data.

Ssd 3

Severity: Medium. Confidence: 97%.
The skill normalizes reading a document with detailed personal and target-user information and using it as broad context without minimization limits. This increases the risk of over-collection, unnecessary retention in model context, and accidental disclosure of sensitive details in generated content.

Ssd 3

Severity: Medium. Confidence: 94%.
Requiring exact reuse of account information from the personal-information file increases the likelihood that private identifiers, account names, or profile attributes will be reproduced in output. This can unintentionally expose sensitive or private account metadata to readers or external systems.

Ssd 3

Severity: Medium. Confidence: 95%.
Repeating that the agent must read the user information file before execution entrenches personal-data access as a default prerequisite rather than an exception. In this skill context, that makes unnecessary exposure more dangerous because the core task is content outlining, which can usually be performed with far less sensitive context.

VirusTotal

64/64 vendors flagged this skill as clean.