ClawHub

选妃 - 定时推送美女 - 整理美女图片

Security checks across malware telemetry and agentic risk

Overview

This skill does a local image-selection workflow, but it hard-codes sensitive local paths and overwrites avatar and preference files with limited user control.

Review the scripts before installing. Use this only if you are comfortable with a Bash/macOS-only skill reading a hard-coded local image directory, copying images into an OpenClaw workspace, opening a local preview page, and overwriting an avatar plus preference file. Change the hard-coded paths and fix the numeric selection mapping before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior does not fully match what the skill actually does: it relies on a hardcoded local directory, may open generated HTML in the default browser, and may map numeric choices to predetermined files rather than the displayed random candidates. This is dangerous because users are induced to approve local file access, browser launching, and avatar updates under incomplete or misleading disclosure, which can enable privacy violations, unwanted side effects, or deceptive selection behavior.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script reads from a hardcoded directory '/Volumes/info/sex/picture/AI girls' rather than a user-specified, constrained source directory. This broadens access beyond the declared skill scope and can expose sensitive or unintended local content if the skill is run in an environment where that path exists and contains private material.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are very broad and can invoke a workflow that reads local files, writes avatar data, and logs preferences without clear scoping or confirmation. In a skill that performs filesystem changes and processes sensitive local media directories, overly generic activation increases the chance of accidental execution and unintended data handling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill states that it records user preferences to a file but does not clearly warn that this creates a persistent behavioral log tied to image selections from a sensitive directory. Preference logging can expose intimate interests, browsing habits, or personal profiling data, especially given the sexualized source path shown in the skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script unconditionally overwrites a fixed avatar file and replaces the preferences file without any prompt, backup, or atomic safety checks. In an agent setting, this can silently destroy prior user state or clobber files if the configured paths are important, especially because the writes occur automatically after parsing a selection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal