Guanrentang Writer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate Chinese-medicine WeChat article drafts and images as advertised, with disclosed local file output and Zhipu image API use.

Install only if you are comfortable configuring a Zhipu API key and having image prompts sent to Zhipu. Use a dedicated output folder, keep any .env file private, use “只写文章” when you do not want external image generation, and review health-related content before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases are broad enough that ordinary requests like '写文章' or '帮我写一篇' could activate the skill unexpectedly. In context, that can cause unanticipated file writes, asset copying, and external API use when the user only intended a generic writing request.

Vague Triggers

Medium (85% confidence)
Finding
The usage examples reinforce ambiguous invocation patterns without clear scope limits, increasing the chance of accidental activation. Because the skill can create directories, copy files, and call a third-party API, unintended invocation has real side effects beyond mere formatting mistakes.

Missing User Warnings

Medium (96% confidence)
Finding
The skill sends article-derived prompt content to an external image-generation API but does not clearly warn the user before transmission. If article content includes sensitive business details, personal information, or unpublished campaign material, that data may be disclosed to a third party without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.