Clawhub Daily

Security checks across malware telemetry and agentic risk

Overview

This skill is what it discloses itself to be: a ClawHub skill-recommendation tool with optional Feishu/IMA delivery. The review raises setup and privacy cautions but found no artifact-backed malicious behavior.

Install only if you want ClawHub skill recommendations and optional Feishu/IMA delivery. Use a least-privilege Feishu app, keep references/config.json private, review any cron schedule before enabling it, and consider running in local-only mode or with push disabled if you do not want briefs sent to third-party services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The script resolves user_open_id with the documented precedence `CLI > config.json`, but when sending the Feishu message it passes `args.user_open_id` instead of the resolved `user_open_id`. If the operator relies on config.json, the earlier validation passes but the actual send call may use `None` or the wrong recipient value, causing delivery failure or misdelivery. In a messaging/integration script, sending to the wrong recipient can expose recommendation content to an unintended user.
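The divergence described above, reduced to a minimal Python script, as an added illustration (not the skill's own code). The function and variable names (`resolve_recipient`, `send_brief_buggy`, `send_brief_fixed`), the argparse flag `--user-open-id`, the config shape and the sample `open_id` values are assumptions; the Feishu API call is replaced by a stub that returns what it was asked to send.

```python
"""Recipient resolution: the buggy send path beside the corrected one.

Added illustration, not the skill's code. Names, the config shape and the
sample open_id values are assumptions; send_stub stands in for the Feishu API.
"""
import argparse
import json
from typing import Optional

# Constructed sample standing in for references/config.json.
CONFIG_JSON = '{"user_open_id": "ou_config_recipient"}'


def load_config(text: str) -> dict:
    return json.loads(text)


def resolve_recipient(cli_value: Optional[str], config: dict) -> Optional[str]:
    """Documented precedence: CLI > config.json."""
    return cli_value or config.get("user_open_id")


def validate_recipient(user_open_id: Optional[str]) -> None:
    if not user_open_id:
        raise SystemExit("no user_open_id: pass --user-open-id or set it in config.json")


def send_stub(open_id: Optional[str], text: str) -> dict:
    """Stand-in for the Feishu message API; returns the request it would make."""
    return {"receive_id": open_id, "text": text}


def send_brief_buggy(args, config: dict, text: str) -> dict:
    user_open_id = resolve_recipient(args.user_open_id, config)
    validate_recipient(user_open_id)            # passes: config.json supplies the id
    return send_stub(args.user_open_id, text)   # BUG: sends with the raw CLI value (None)


def send_brief_fixed(args, config: dict, text: str) -> dict:
    user_open_id = resolve_recipient(args.user_open_id, config)
    validate_recipient(user_open_id)
    return send_stub(user_open_id, text)        # use the resolved value everywhere


def parse_args(argv):
    p = argparse.ArgumentParser()
    p.add_argument("--user-open-id", dest="user_open_id", default=None)
    return p.parse_args(argv)


if __name__ == "__main__":
    cfg = load_config(CONFIG_JSON)
    args = parse_args([])                       # operator relies on config.json only
    print(send_brief_buggy(args, cfg, "daily brief"))  # receive_id is None
    print(send_brief_fixed(args, cfg, "daily brief"))  # receive_id is ou_config_recipient
```

The validation and the send call must read the same variable; when they do not, the check only guards the path that happens to agree with it (here, the CLI path), and the config.json path fails or misdelivers after passing validation.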

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The README prominently advertises automatic push of generated briefs to Lark/Feishu, but it does not clearly warn users what data will be transmitted externally, when transmission occurs, or what consent/configuration gates exist before sending. In an agent-skill context, undocumented outbound delivery can cause unintended disclosure of scraped content, summaries, metadata, or user-linked destination identifiers to third-party services.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The trigger phrases include broad, natural-language inputs such as '帮我推荐技能' ("recommend skills for me") and '扫描 ClawHub' ("scan ClawHub"), which can plausibly appear in ordinary conversation and cause the skill to activate unintentionally. Because this skill can initiate external data fetching and downstream push workflows, accidental activation can lead to unnecessary network activity, unexpected recommendations, or unintended delivery actions if paired with automation.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill advertises Feishu and IMA push delivery but does not prominently warn that generated recommendation content and metadata may be transmitted to third-party external services. Users may reasonably assume the skill is only doing local analysis, so the lack of disclosure undermines informed consent and increases privacy and data-handling risk.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The matching logic uses raw substring checks across display name, summary, and tags, so generic tokens like "code", "mail", "data", or "watch" can over-match unrelated skills and assign misleading categories. In a recommendation pipeline, this can skew ranking, cause inappropriate automation suggestions, and make downstream behavior less predictable, especially if these categories influence what tools are promoted or auto-invoked.
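To make the over-match concrete, here is an added example (not the skill's code) that runs the raw substring check the finding describes beside a whole-token check over constructed skill records. The category list, keywords and sample skills are assumptions built for the illustration; only the matching technique is the point.

```python
"""Category matching: raw substring checks beside whole-token matching.

Added illustration, not the skill's code. Categories, keywords and the sample
skill records are constructed for the example.
"""
import re

CATEGORY_KEYWORDS = {
    "coding": ["code"],
    "email": ["mail"],
    "data": ["data"],
    "monitoring": ["watch"],
}

# Constructed records in the shape of skill metadata: display name, summary, tags.
SKILLS = [
    {"name": "Barcode Reader", "summary": "Scan and decode barcodes", "tags": ["imaging"]},
    {"name": "Stopwatch", "summary": "Simple timer", "tags": ["utility"]},
    {"name": "Mail Digest", "summary": "Summarise your mail inbox", "tags": ["email"]},
    {"name": "Metadata Inspector", "summary": "Show file metadata", "tags": ["files"]},
    {"name": "Data Export", "summary": "Export tables as CSV", "tags": ["data"]},
]


def _haystack(skill: dict) -> str:
    """Name, summary and tags joined into one lower-cased string, as a naive matcher does."""
    return " ".join([skill["name"], skill["summary"], *skill["tags"]]).lower()


def categorize_substring(skill: dict) -> list:
    """The pattern in the finding: keyword anywhere in the text counts as a hit."""
    text = _haystack(skill)
    return sorted(c for c, kws in CATEGORY_KEYWORDS.items() if any(k in text for k in kws))


def categorize_token(skill: dict) -> list:
    """Keyword must appear as a whole word, so 'code' no longer matches 'barcode'."""
    text = _haystack(skill)
    return sorted(
        c for c, kws in CATEGORY_KEYWORDS.items()
        if any(re.search(rf"\b{re.escape(k)}\b", text) for k in kws)
    )


def compare(skills: list) -> dict:
    """Map each skill name to (substring categories, token categories)."""
    return {s["name"]: (categorize_substring(s), categorize_token(s)) for s in skills}


if __name__ == "__main__":
    for name, (sub, tok) in compare(SKILLS).items():
        print(f"{name:20} substring={sub} token={tok}")
```

Three of the five constructed records pick up a category under substring matching only because a generic token is embedded in a longer word ("bar*code*", "stop*watch*", "meta*data*"); the whole-token check drops those while keeping the two genuine matches. Any categorization that feeds ranking or automation should use token or field-aware matching rather than bare `in`.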

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The template explicitly instructs the agent/workflow to read Feishu credentials from a local config file, but does not require user consent, least-privilege scoping, or any warning that secrets will be accessed. In an agent skill context, this can normalize automatic secret access and increase the chance of unintended credential use or exfiltration if the downstream skill is compromised or over-permissioned.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrase at this location is a common natural-language request that could plausibly appear in ordinary conversation, increasing the chance of unintended skill activation. In an agent environment, overly broad activation phrases can cause the skill to run when the user did not explicitly intend to invoke it, which may lead to unexpected data fetching, recommendations, or downstream actions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
This trigger phrase is ambiguous and not specific enough to reliably distinguish intentional invocation from general user chat. Ambiguous activation control weakens user intent boundaries and can cause accidental execution of the skill in contexts where the user merely asks a generic question.

VirusTotal

65/65 vendors flagged this skill as clean.