文旅素材搜索 (Cultural Tourism Media Search)

Security checks across malware telemetry and agentic risk

Overview

This skill openly searches and downloads tourism videos, but purchase-like chat commands can immediately run a shell download and write files without a separate confirmation.

Install only if you are comfortable with purchase/down-order chat commands immediately downloading remote media into local storage. Prefer adding an explicit confirmation step, keeping downloads constrained to a dedicated folder, and reviewing TRADE_API_BASE/WENLV_API_ORIGIN settings before use, especially before enabling any real transaction API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 84%

Finding: The skill defines broad natural-language triggers for purchase and selection such as '购买' (buy), '下单' (place order), and related variants, and maps them directly to side-effectful actions. In conversational systems, ambiguous trigger phrases increase the risk of unintended purchases and automatic local downloads from ordinary or quoted user text.

Missing User Warnings

High
Confidence: 97%

Finding: The skill description says that after purchase it will automatically download video to local storage and output the file path, but this side effect is not presented as a prominent warning or consent boundary. Silent local file writes are risky because users may think they are only browsing/searching while the agent performs persistent system actions.

Missing User Warnings

High
Confidence: 98%

Finding: The purchase flow mandates shell execution to download remote content (`bash scripts/download_video.sh`) without a prominent safety warning or opt-in checkpoint. Executing shell-based downloads from conversation-driven triggers expands the attack surface to command execution, unsafe file writes, and abuse of network access.

Missing User Warnings

High
Confidence: 98%

Finding: The skill explicitly forbids a confirmation step and requires immediate purchase/download execution upon matching a purchase instruction. Removing confirmation for an action that causes remote fetches and local file writes materially increases the chance of accidental or socially engineered execution.

Missing User Warnings

Medium
Confidence: 95%

Finding: The documentation explicitly instructs the agent to automatically download purchased video files to local storage after a mock transaction, without requiring explicit runtime user consent or clarifying the destination and overwrite behavior. Unprompted file writes cross a real safety boundary: a remote API response can cause local persistence of attacker-controlled content, increasing the risk of disk abuse, unsafe file placement, or downstream handling of untrusted media.

VirusTotal

67/67 vendors flagged this skill as clean.