Weibo Data Backup

Security checks across malware telemetry and agentic risk

Overview

This Weibo backup skill is review-worthy because it saves reusable login cookies and includes broad browser-session access without enough scoping or warnings.

Install only if you are comfortable giving a local Python/Playwright script access to your logged-in Weibo session. Use a dedicated browser profile, protect or delete cookies.json and browser_data after use, avoid --connect-browser unless you understand the browser-control risk, set a clear target URL and download limit, and only archive content you are authorized to retain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to read local authentication material such as cookies.json or a browser user-data directory, write downloaded content to disk, and access Weibo over the network, yet it declares no permissions. That mismatch weakens user awareness and policy enforcement because the skill can handle sensitive session data and persist third-party content without an explicit consent boundary.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill can connect to any Chrome instance exposed over a CDP endpoint, then reuse its tabs, cookies, and authenticated browser context. In an agent setting, this is dangerous because it expands access well beyond Weibo backup and can inherit unrelated sessions from the user's browser, enabling unintended data access or actions in other sites.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly instructs users to rely on a locally stored cookies.json file to persist Weibo login state, but it does not warn that this file contains sensitive authentication material. If the file is exposed through weak filesystem permissions, backups, shared machines, or accidental commits, an attacker may reuse the session and access the user's Weibo account without needing credentials.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger text is overly broad and can cause the skill to activate for almost any Weibo backup-related request, including requests involving other users' content. In an agent environment, broad auto-invocation increases the chance of running a networked scraping/downloading workflow unexpectedly and without a sufficiently specific user confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports downloading content from 'other bloggers' and storing images, videos, and articles locally, but it does not provide a clear warning about privacy, copyright, or terms-of-service risks. This makes misuse more likely and reduces informed consent, especially because the tool facilitates bulk local retention of third-party content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code persists full browser cookies to cookies.json by default, which stores live session material on disk without meaningful protection or prominent consent. If the file is read by another local user, process, backup system, or later mishandled by an agent, the user's Weibo session could be replayed.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
For video downloads, the skill extracts browser cookies and sends them in outbound aiohttp requests. This increases exposure of authenticated session data beyond the browser engine and can leak credentials to unexpected hosts if a video URL is attacker-controlled, redirected, or simply not constrained to trusted Weibo domains.

VirusTotal

67/67 vendors flagged this skill as clean.
