国内需求挖掘 (Domestic Demand Mining)

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware-like, but it presents generated sample data as real platform research, which could mislead users.

Review this skill carefully before installing or using it for decisions. The main risk is not malware; it is that generated sample data can be mistaken for real user research. Only use it if you are comfortable treating the bundled fetchers as demos, or after the publisher clearly labels synthetic data, adds provenance fields, and implements compliant live collection with privacy safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (19)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill is flagged as having file read/write capabilities without declared permissions, which breaks least-privilege expectations and can hide data access or modification behavior from the caller and platform. In this context, the skill is marketed as a data-mining/reporting workflow, so undeclared local file access is not obviously necessary and increases the risk of unauthorized access to local data or silent report/file tampering.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The description claims real scraping of public platforms, but the finding indicates the implementation may instead use built-in sample comments and broader platform logic than disclosed. This is dangerous because it can mislead users into trusting fabricated or non-representative data as real market intelligence, and hidden behavior beyond the declared scope undermines informed consent and security review.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The cleaned dataset appears materially misaligned with the skill's declared purpose of mining user demand from Chinese public platforms for market/product insight. Instead of domain-specific complaints or needs about target products/categories, the records are largely about '公益项目' (public-welfare projects) and mixed platform samples under '公务员备考/考试' (civil-service exam preparation/exams), which indicates dataset contamination, labeling drift, or bad source selection. In a demand-mining skill, this can cause the agent to generate misleading analysis and recommendations from irrelevant data, undermining downstream decisions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding: The file content is materially inconsistent with the skill's declared purpose: it contains repeated Weibo posts about civil-service exam preparation (公务员备考) and public-welfare topics (公益话题) rather than the stated focus on demand mining from platforms like Douyin (抖音), Xiaohongshu (小红书), and Taobao (淘宝). This kind of dataset/manifest mismatch can mislead downstream analysis, cause the agent to generate inaccurate market-demand reports, and enable hidden repurposing of the skill toward unrelated monitoring or topic analysis.

Description-Behavior Mismatch

Severity: Medium
Confidence: 99%
Finding: The script is presented as fetching Douyin comments, but `fetch_comments` only returns hard-coded sample data while preserving the appearance of real collected platform data. In this skill's market-research context, that can mislead downstream analysis, reports, and business decisions, creating a data integrity issue rather than a direct code-execution bug.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding: The CLI description states that it will 'fetch Douyin comment data', but running it only synthesizes local sample records. This mismatch increases the risk that operators, other tools, or automated pipelines will trust the output as genuine scraped user feedback, which is especially dangerous in a demand-mining skill intended to support user-needs analysis.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The script advertises that it 'fetches' e-commerce negative reviews, but it only emits hard-coded sample complaints and repeats them up to the requested limit. In this skill context, that is dangerous because downstream market-research or demand-mining outputs may be presented as if they were based on real user feedback, causing deceptive analysis and potentially unsafe business decisions.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: Function names, argument descriptions, and output messaging all claim review 'fetching', but the implementation only constructs static examples. In a demand-mining skill whose purpose is to analyze user complaints and discover market opportunities, this mismatch materially increases the risk of fabricated evidence being treated as genuine intelligence.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The function is presented as fetching platform comments but actually returns fabricated sample data repeated up to the requested limit. In a market-demand mining skill, this can mislead downstream analysis, reports, and business decisions by presenting synthetic data as if it were real user feedback.

Description-Behavior Mismatch

Severity: Low
Confidence: 81%
Finding: This file introduces WeChat Channels (视频号) as a data source even though the declared skill scope focuses on other platforms. Undeclared data sources reduce transparency and can cause compliance, user-expectation, and governance issues, especially in a tool that claims targeted platform selection for research.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The CLI description and argument help explicitly claim to 'fetch' WeChat Channels (视频号) comment data, but the implementation only generates placeholder records. This is dangerous because operators may trust the output as authentic evidence, leading to false research conclusions and potentially deceptive reporting.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The script claims to fetch Weibo comment data, but it only generates hard-coded sample comments and writes them out as if they were collected from the platform. In a demand-mining skill, this can mislead downstream analysis, reports, and business decisions by presenting fabricated data as real user feedback.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The skill metadata promises scraping real Xiaohongshu comments, but this implementation fabricates static sample data and labels it as platform-derived output. In a market-research and demand-mining context, this is dangerous because downstream reports may be presented as evidence-based user research when they are actually synthetic, causing deceptive decision-making and possible compliance or reputational harm.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The CLI description states that it fetches Xiaohongshu comment data, but the code only emits predefined mock records. This misrepresentation increases the risk that users or other components will trust the output as authentic external-platform intelligence, which is especially problematic for a skill intended to analyze user complaints and market opportunities.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding: Overly broad trigger phrases can cause the skill to activate on ordinary conversations about complaints, pain points, or market research, leading to unintended execution. In a skill that may read/write files and generate research artifacts, accidental triggering expands the attack surface and can cause unwanted data processing or misleading outputs without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The report recommends tracking learning behavior and building user profiles to personalize instruction, but it does not mention consent, data minimization, retention limits, or disclosure of how sensitive learner data will be used. In an education context, this can lead to over-collection and misuse of behavioral data, especially when tied to performance and study habits, creating privacy and trust risks.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The document proposes emotion recognition, emotional support, and mood-based interaction without warning that emotional-state data is highly sensitive and that AI may misread or mishandle distress signals. In a study-support product, users may rely on the system during vulnerable moments, increasing the risk of harmful inferences, inappropriate responses, and covert collection of sensitive psychological data.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The report discusses detailed user profiling and even 'data services' as part of the business model, but gives no warning about downstream sharing, retention, access, or commercialization of learner data. That omission is risky because it normalizes turning educational interaction data into a monetizable asset without transparency, which can expose users to secondary-use abuse and regulatory issues.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The report explicitly recommends an 'AI学习伙伴' (AI study companion) for emotional support and motivation, including claims about reducing loneliness and improving persistence, but provides no safety boundaries, no disclaimer that the system is not a mental-health service, and no escalation guidance for users in distress. In an education product, anthropomorphic emotional-support framing can cause vulnerable users to over-rely on the AI for psychological support or disclose sensitive mental-health information without appropriate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.