Baidu Content Censor

Security checks across malware telemetry and agentic risk

Overview

This skill coherently sends user-selected text or images to Baidu for content moderation, with privacy and credential-handling cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable sending moderated text, image URLs, and local image file contents to Baidu Cloud. Use least-privilege Baidu credentials, do not commit or share BCE_SINAN_AK/BCE_SINAN_SK, avoid logging URLs that may contain tokens or secrets, and delete the local token cache when rotating credentials or uninstalling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger phrases are broad and overlap with common conversational requests like '请审核...' (roughly "please review...") or '检测一下...' (roughly "check this..."), which can cause the skill to activate unexpectedly. In this skill's context, accidental activation is security-relevant because it may transmit user text, image URLs, or local image files to Baidu without a clear, intentional handoff.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The execution instructions state that text, image URLs, and local image paths will be sent to Baidu APIs, but the skill does not clearly warn the user that their content will leave the local environment. This is dangerous because users may unknowingly disclose sensitive text or private local files to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The documentation instructs users to populate AK/SK environment variables but does not explain that these are sensitive credentials with access implications. This omission increases the risk of mishandling, accidental disclosure, or insecure storage of cloud API secrets.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The code sends AK/SK in the request URL query string when fetching tokens. Secrets placed in URLs are more likely to be exposed through logs, proxies, monitoring systems, browser/history equivalents, or exception traces, increasing the chance of credential disclosure even though the request uses HTTPS.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: User-supplied text is transmitted to a third-party moderation service without any explicit user-facing disclosure or consent mechanism. In a skill context, this can cause unintentional leakage of sensitive or regulated content to an external provider, especially if the caller assumes local-only processing.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: Image bytes or image URLs are sent to a remote service without explicit disclosure. This may expose sensitive local file contents, private images, or internal resource URLs to a third party, which is particularly risky in an agent skill that may process user-provided paths or links.

VirusTotal

64/64 vendors flagged this skill as clean.