ZDAT Chat Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for social-media comment automation, but it asks for automatic public replies, scheduled activity, and lead-data recording without clear approval boundaries.

Review carefully before installing. Use it only with accounts and platforms where automated replies are allowed, configure narrow triggers, and require explicit approval before posting replies or writing commenter data to a ledger. The included scripts do not appear to perform live posting by themselves, but the skill’s runtime instructions are designed for automated external interaction.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium (89% confidence)
Finding
The trigger keyword "互动" is extremely broad and can match many ordinary user requests unrelated to social-media comment automation. In this skill's context, accidental triggering is more dangerous because the documented actions include replying on external platforms and writing lead data, which could cause unintended external actions or data recording from ambiguous prompts.

Missing User Warnings

Medium (95% confidence)
Finding
The skill describes automatic posting of replies to external platforms and automatic recording of commenter information and content into a lead ledger, but provides no explicit warning, consent flow, or approval boundary. This is dangerous because it combines external side effects with collection and storage of user-generated data, increasing the risk of privacy violations, unauthorized outreach, platform-policy violations, and unintended actions at scale via scheduled execution.

VirusTotal

64/64 vendors flagged this skill as clean.
