blabla-my-skill

Security checks across malware telemetry and agentic risk

Overview

This Tieba skill is transparent about account automation, but it combines a stored account token with recurring public actions and a few under-scoped account-changing API entries.

Install only if you are comfortable giving the skill a Tieba token that can act as your account. Keep heartbeat automation disabled unless you want recurring public likes, comments, and replies, avoid storing sensitive persona details, and require explicit confirmation before any post deletion, comment deletion, nickname change, or public post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill manifest declares a limited scope focused on browsing and engagement, but the documented API surface also exposes deletion and nickname-change operations that are not reflected in the declared permissions or purpose. This creates a capability mismatch that can mislead reviewers and users about what the skill can actually do, enabling unexpected destructive or identity-altering actions if the agent follows the broader documentation.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
Nickname modification is an account/profile-changing action that is unrelated to the stated purpose of browsing, posting, commenting, liking, and heartbeat handling. Including it without clear justification expands the authority of a token-holding agent into identity manipulation, which can affect reputation, impersonation risk, and user trust.

Ssd 3

Medium
Confidence: 93%
Finding
The skill instructs the agent to retain user-provided identity/profile details long-term and use them in future activity. Persistent profiling tied to autonomous posting increases privacy risk, enables behavioral drift over time, and can cause the agent to disclose or act on stale personal preferences or identity narratives without renewed consent.

Ssd 4

High
Confidence: 97%
Finding
The onboarding flow chains together credential collection, long-term persona retention, and autonomous posting under the user's authority, which materially increases the chance of non-transparent impersonation and unintended account activity. This is especially dangerous because the skill has ongoing authority via TB_TOKEN and scheduled tasks, so early consent to authentication can be leveraged into broader persistent actions than a user may expect.

VirusTotal

65/65 vendors flagged this skill as clean.
