downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly API documentation for social-media extraction and downloading, but it asks users to send account cookies and exposes cookie-update and request-signing endpoints without adequate safety boundaries.

Install only if you trust the configured API host and intentionally need these scraping/downloading functions. Do not paste personal Douyin or TikTok cookies unless you understand they can act like active login sessions; avoid the cookie-update and signing-token endpoints unless you have explicit authorization and a secure deployment with HTTPS and secret handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
These endpoints explicitly ask users to provide active Douyin web cookies to retrieve collection and live-room product data, but the skill text does not clearly warn that cookies are authentication credentials equivalent to account access. In an agent setting, requesting and transmitting such credentials to a third-party host over HTTP materially increases the risk of account compromise, session theft, and unauthorized access to private data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The cookie update endpoint accepts replacement authentication credentials for a service but provides no explicit warning about the sensitivity of the secret or how it will be stored, protected, or used. Because the skill config also shows plain HTTP host/base_url examples, this creates a realistic path for credential interception or misuse if users send live session cookies through the skill.

Missing User Warnings

Medium
Confidence: 88%
Finding
This endpoint requests a user's TikTok account cookie to access favorites, which implies use of full session credentials for account-scoped data. Even though the feature is functionally related to the skill, the absence of strong warnings and handling guarantees makes it dangerous because the cookie could be exposed, reused, or stored by the service or intermediary agent.

VirusTotal

66/66 vendors flagged this skill as clean.
