Xhs Crafter

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for article-to-image production, but it automatically uploads generated user content to Feishu cloud storage without a clear per-run consent step.

Install only if you are comfortable with generated article images and text being written locally and uploaded to Feishu/Lark under the configured account. Use it on non-sensitive drafts unless you first modify the workflow to require confirmation and disable cloud upload by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Description-Behavior Mismatch

Medium (97% confidence)
Finding
The skill presents itself as a local article-to-image packaging tool, but its workflow also performs Feishu cloud-drive synchronization. That discrepancy is dangerous because users may provide private draft content expecting local-only handling, while the skill is authorized to transmit the outputs to a third-party service.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The documented use of `lark-cli` to create remote folders and upload generated files expands the skill from formatting into external data exfiltration capability. For a skill whose primary purpose is visual layout generation, remote drive management is not necessary by default and materially increases privacy and account-abuse risk.

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The workflow explicitly adds a second delivery channel that uploads generated artifacts to Feishu/Lark cloud storage, which exceeds a local formatting-only skill and introduces off-device data transfer. Because the content being processed is user-supplied article material and generated images/text, this creates a real confidentiality and data-governance risk if upload occurs automatically or by default.

Context-Inappropriate Capability

Medium (79% confidence)
Finding
The workflow directs the agent to use external shell/CLI tooling such as curl to fetch and write files locally, which expands the skill from simple formatting into local system and network operations. While some tools are operationally relevant for rendering screenshots, unrestricted command/tool use increases the attack surface for unintended file writes, network access, and environment-dependent side effects.

Missing User Warnings

Medium (90% confidence)
Finding
The README states that outputs are delivered to both a local folder and Feishu cloud drive, but it does not clearly warn users that content may be written to disk and transferred to a third-party cloud service. For a skill that processes user-provided articles, this can lead to unintended disclosure of sensitive drafts or metadata if users assume the operation is purely local.

Missing User Warnings

Medium (94% confidence)
Finding
The usage flow promises a fully automated workflow and says users only need to provide a Markdown file to get an output folder, but it omits clear notice about side effects such as local file creation and cloud upload. This increases the risk of users invoking the skill on confidential content without realizing it will be persisted or synchronized externally.

Missing User Warnings

Medium (89% confidence)
Finding
The English README repeats the dual-delivery behavior to local storage and Feishu cloud drive without any accompanying privacy or side-effect warning. Duplicating this omission in the English section broadens the population of affected users and makes accidental disclosure more likely.

Missing User Warnings

Medium (93% confidence)
Finding
The English workflow describes a fully automated pipeline ending in screenshot delivery to a local folder and Feishu cloud drive, but provides no warning about automatic persistence or remote transfer. In the context of article-processing tooling, that omission is security-relevant because users may pass proprietary, unpublished, or personal text expecting only transient processing.

Missing User Warnings

High (98% confidence)
Finding
The skill explicitly instructs fully automatic execution without pausing for confirmation, while later steps include file creation, local command execution, network retrieval, and cloud upload. Eliminating confirmation on side-effectful actions removes an important safety control and can lead to unwanted writes or external disclosure of user content.

Missing User Warnings

Medium (90% confidence)
Finding
The skill allows automatic network image retrieval and AI image generation based on user content without warning the user that article themes, prompts, or embedded image hints may be sent to external services. This can leak sensitive topics or proprietary material to third-party providers unintentionally.

Missing User Warnings

Medium (89% confidence)
Finding
The skill mandates downloading third-party assets to local storage via fetched URLs and `curl`, which introduces both privacy and supply-chain risk. Unvetted remote content is written locally and then incorporated into generated artifacts, potentially exposing the environment to malicious or inappropriate files and making provenance opaque.

Missing User Warnings

High (98% confidence)
Finding
This section combines automatic local folder creation with remote cloud upload, yet provides no warning or consent mechanism for handling the generated text and images. In context, the files may contain unpublished articles, screenshots, quotations, or business material, so silent persistence and transmission substantially increase confidentiality risk.

Missing User Warnings

Medium (90% confidence)
Finding
The instructions require automatic creation of a temp-folder delivery directory, copying outputs into it, and opening it with explorer.exe without any notice or approval step. Even if the action is convenient, it performs local filesystem changes and launches a GUI process on the user's machine, which is a meaningful side effect beyond pure content transformation.

Missing User Warnings

High (97% confidence)
Finding
This section instructs uploading generated files to Feishu Drive and returning the cloud folder URL, but provides no warning that content is being transmitted to a third-party service. In a skill whose primary purpose is article-to-image formatting, silent cloud synchronization materially increases privacy, compliance, and unauthorized disclosure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
