A-Share Daily Market Recap Video Generation

Security checks across malware telemetry and agentic risk

Overview

This skill generates A-share recap videos consistently with its stated purpose, with disclosed dependency installs and asset downloads that users should review before running.

Install this only if you are comfortable with it installing Python dependencies, installing two dependency skills, and downloading font/BGM assets from external sources. Run it in a virtual environment when possible, review the generated slides before video creation, and independently verify financial data and wording before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
        print('  ⚠️  需要 fonttools 来转换字体格式,正在安装...')
        import subprocess
        subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'fonttools', 'brotli', '-q'])
        from fontTools.ttLib import TTFont

    ttf_path = str(woff2_path).replace('.woff2', '.ttf') if '.woff2' in str(woff2_path) else str(woff2_path) + '.converted'
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'fonttools', 'brotli', '-q'])

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
An asset bootstrap script should verify or download static files, but here it also installs Python packages at runtime. That broadens the trust boundary from known asset URLs to package index resolution and package-install side effects, creating unnecessary supply-chain and environment-modification risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup script performs package installation with pip immediately when dependencies are missing, which modifies the host environment without any confirmation, dry-run, or dependency pinning. In an agent/skill context, this is risky because invoking setup can silently fetch and install code from external package registries, increasing supply-chain and unintended-execution exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script installs external skills via skillhub/clawhub without disclosing versions, source integrity, or contents before execution. Because skills can contain executable logic and additional dependencies, silent installation expands the trust boundary and can introduce unreviewed code into the agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.
