ClawHub

Content Analyzer

Security checks across malware telemetry and agentic risk

Overview

This read-only social-media analyzer has purpose-aligned behavior, but it can make unexpected network requests from crafted URLs and silently bypass proxy settings.

Review before installing. Use it only with trusted Xiaohongshu or Douyin URLs and a TikHub token you are comfortable using. The Douyin profile feature should be treated as a search-based approximation, not verified account analysis, and users relying on proxy settings should be aware the script clears them for its requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to invoke a local Python script via an exec tool on any matching user-supplied URL, but the skill declares no permissions despite requiring code execution, environment access, and likely outbound network access. This creates a hidden capability boundary bypass: reviewers and runtime policy may treat the skill as low-privilege while it can execute code and reach external services, increasing the risk of command misuse, unintended data exposure from the environment, or unsafe network interactions through the script.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The Douyin profile handler claims to analyze a specific creator profile but actually performs a generic search using the supplied sec_uid as a keyword and aggregates whatever posts are returned. This can produce materially incorrect results about the requested account, creating an integrity issue where downstream users or agents may make decisions based on unrelated content.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The code documentation and behavior diverge: it states it fetches a Douyin user's posts/profile data, but only performs a best-effort search. In an agent skill, this mismatch is dangerous because it misleads operators into trusting the output as profile-scoped analysis when it is not, increasing the risk of false attribution and incorrect automated actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal