Baoyu Skills Wrapper

Security checks across malware telemetry and agentic risk

Overview

This wrapper describes useful content tools, but it also directs use of authenticated browser sessions for social posting and arbitrary page capture without enough scoping or safety controls.

Install only if you trust the referenced baoyu-skills source and understand that some tools may use your logged-in browser to post to real social accounts or read pages visible in that session. Review the underlying scripts before running them, use test or draft flows where possible, keep API keys out of repositories, and avoid processing private or unauthorized pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill advertises browser-based posting to external social-media accounts, including anti-automation evasion, without explicit safety warnings or confirmation requirements. In this context, users may trigger actions that publish content, use authenticated sessions, or affect third-party accounts without fully understanding the consequences, increasing the risk of unintended account misuse or data exposure.

Missing User Warnings

Medium
Confidence: 82%
Finding
The documentation promotes grabbing arbitrary URLs through Chrome CDP and converting content to Markdown without describing privacy, authorization, or data-handling constraints. Because this capability may access authenticated browser content or sensitive pages visible in the user's session, insufficient warning can lead to accidental extraction of private or restricted data.

Missing User Warnings

Low
Confidence: 80%
Finding
The instructions tell users to store API keys in a local .env file but omit basic credential-handling precautions such as file permissions, exclusion from version control, and avoiding accidental disclosure. While local secret storage is common, missing guidance increases the chance of credential leakage through backups, logs, shared systems, or copied files.

VirusTotal

64/64 vendors flagged this skill as clean.
