深知写作助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed official-document writing helper that uses a user-configured DKnowC search API and local DOCX generation, with no evidence of hidden or destructive behavior.

Before installing, understand that DKnowC searches send your search terms and filters to an external service using your configured API key. Avoid putting confidential personnel, business, or government-sensitive details into search queries unless your organization permits that data flow, and keep config.ini private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
90% confidence
Finding
The skill claims retrieval is restricted to the DeepKnow search script, but later permits Web or official-site search when the user asks. That inconsistency weakens trust boundaries and can lead to provenance confusion, where externally fetched material is treated as if it had the same validation and handling guarantees as DeepKnow results.

Missing User Warnings

Medium
95% confidence
Finding
The script sends the user's query, area, and time filters to an external service over the network, but there is no explicit user-facing notice, consent mechanism, or redaction step before transmission. In this skill's context—official/government and enterprise document drafting—queries may contain sensitive policy, personnel, or internal business details, so silent external transfer creates a real privacy and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
