进击的知识库

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent archiving purpose, but it handles links, files, cookies, external uploads, and remote sheet writes with under-disclosed data flow and command-execution risks.

Install only if you are comfortable with the skill downloading content, using platform cookies when needed, sending some links to external services, uploading files to Tencent Docs, and writing persistent index records. Use it with non-sensitive content first, avoid personal session cookies unless necessary, and review or patch the shell execution and upload destination validation before trusting it with private or business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

# Flagged pattern: the whole command string is handed to the platform shell (shell=True),
# so any untrusted text interpolated into cmd (titles, filenames, URLs) can inject commands.
def run(cmd: str, timeout: int = 300) -> str:
    r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
    if r.returncode != 0:
        raise RuntimeError(f"Command failed: {cmd[:80]}\n{r.stderr[:300]}")
    return r.stdout.strip()
Confidence
99% confidence
Finding
r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
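The finding above is about the string-plus-shell form, not about subprocess itself. The following added example (not the skill's code; it assumes a POSIX /bin/sh and an echo binary) contrasts the flagged pattern with an argv call and with shlex.quote, using a constructed title that carries shell syntax, the kind of value an ingestion pipeline might derive from a downloaded page:

```python
import shlex
import subprocess

# Constructed sample "title" as a pipeline might pull from downloaded metadata.
# Everything after the semicolon is shell syntax, not part of the title. (Constructed input.)
MALICIOUS_TITLE = "video; echo INJECTED"


def run_shell(cmd: str, timeout: int = 30) -> str:
    """Mirror of the flagged pattern: the whole command line goes through /bin/sh."""
    r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
    if r.returncode != 0:
        raise RuntimeError(f"Command failed: {cmd[:80]}\n{r.stderr[:300]}")
    return r.stdout.strip()


def run_argv(argv: list[str], timeout: int = 30) -> str:
    """Hardened form: an argv list with no shell, so metacharacters in arguments stay literal."""
    if not argv or not all(isinstance(a, str) for a in argv):
        raise ValueError("argv must be a non-empty list of strings")
    r = subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)
    if r.returncode != 0:
        raise RuntimeError(f"Command failed: {argv[0]}\n{r.stderr[:300]}")
    return r.stdout.strip()


def demo(title: str = MALICIOUS_TITLE) -> dict:
    """Run the same 'echo <title>' three ways and return what each one actually printed."""
    return {
        # Injected: /bin/sh sees two commands and runs both.
        "shell": run_shell(f"echo {title}"),
        # Safe: the title is a single argv element, printed verbatim.
        "argv": run_argv(["echo", title]),
        # Acceptable only if a shell is unavoidable: quote each interpolated value.
        "shell_quoted": run_shell(f"echo {shlex.quote(title)}"),
    }


if __name__ == "__main__":
    for mode, out in demo().items():
        print(f"{mode:13s} -> {out!r}")
```

The argv form is the one to patch into the skill: build the list from the downloader's arguments directly and never concatenate them into a string. shlex.quote only helps on POSIX shells; it does not protect a command line handed to cmd.exe, which the skill's use of curl.exe suggests is in play.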

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
# Flagged pattern: PUTs the entire local file to url with no check on the destination.
# The call is truncated on the page; the closing keyword arguments below are assumed.
def curl_put(url: str, path: str) -> None:
    r = subprocess.run(
        ["curl.exe", "-X", "PUT", "--upload-file", path,
         url, "-H", f"Content-Type: application/octet-stream",
         "--max-time", "300", "-sS"],
        capture_output=True, text=True, timeout=300)
Confidence
85% confidence
Finding
r = subprocess.run( ["curl.exe", "-X", "PUT", "--upload-file", path, url, "-H", f"Content-Type: application/octet-stream", "--max-time", "300", "-sS"], capture_ou

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The design explicitly describes a fully automated pipeline that downloads third-party content, uploads it to Tencent Docs, and writes records into an index table, but it does not document a clear user-facing confirmation, disclosure, or warning about these external data transfers and state-changing actions. In a skill that handles links, files, and cross-platform content, this increases the risk of users triggering unintended downloads, uploads, or persistent record creation without understanding where their data is going.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes a workflow that automatically downloads user-supplied content from multiple platforms and uploads it into a Tencent Docs knowledge base, but it does not clearly warn about privacy, copyright, consent, or sensitive-data handling. In an agent context, this can normalize bulk ingestion of third-party or personal content and increase the chance of unauthorized collection, retention, and redistribution of data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad everyday phrases like '丢链接' ("drop a link"), '下载这个视频/文章' ("download this video/article"), and '帮我存这个' ("save this for me"), which can cause accidental invocation in normal conversation. In this skill's context, accidental triggering is more dangerous than usual because activation leads to downloading remote content, writing local files, and uploading data into Tencent Docs.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises downloading third-party content from multiple platforms and notes that some flows may require login-state cookies, but it does not clearly warn users about privacy, account, copyright, and credential-handling risks. This omission is significant because users may provide authenticated content or browser cookies without understanding that private data could be fetched, stored locally, and re-uploaded to another platform.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This function uploads full local file contents to a remote `upload_url` and then imports them into Tencent Docs, but the CLI/skill flow provides no explicit confirmation or warning at the point of transmission. In an agent context that processes user-supplied links/files, silent remote transmission increases privacy and data-leakage risk.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The function mutates a remote Tencent Docs smart sheet by appending records without an explicit user warning or confirmation. In a shared workspace context, this can cause unintended data disclosure, integrity issues, or silent modification of shared organizational records.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code sends a user-supplied WeChat share link to a third-party endpoint (sph.litao.workers.dev) for parsing, which can expose private or sensitive URLs, identifiers, and access tokens embedded in the link without any user warning or consent mechanism. In the context of a knowledge-base ingestion skill that encourages users to paste links, this creates a real privacy and data-handling risk because users may assume processing is local or platform-native.
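The upload, record-append and link-parsing findings above share one root cause: data leaves the machine with neither a destination check nor a consent step. The block below is an added example, not the skill's code, of the two gates the Overview asks for before trusting the skill with private data: an egress allowlist on scheme, host and userinfo, and an explicit confirmation requirement on every state-changing action. The allowlisted host docs.qq.com, the credential-like parameter names, and the EgressAction shape are assumptions for illustration, not values taken from the skill or from the Tencent Docs API.

```python
import urllib.parse
from dataclasses import dataclass
from typing import Callable, FrozenSet

# Assumed allowlists (placeholders, not values from the skill). Tighten to the exact
# endpoints actually used; an empty set means the action class is disabled.
ALLOWED_UPLOAD_HOSTS: FrozenSet[str] = frozenset({"docs.qq.com"})
ALLOWED_PARSER_HOSTS: FrozenSet[str] = frozenset()  # no third-party link parsers by default

# Assumed query-parameter names that commonly carry secrets inside share links.
CREDENTIAL_QUERY_KEYS = ("token", "access_token", "key", "sig", "signature", "session", "auth")


def check_egress_url(url: str, allowed_hosts: FrozenSet[str]) -> str:
    """Return the normalized host if url is an acceptable destination, else raise ValueError."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-HTTPS destination: {url!r}")
    if parts.username is not None or parts.password is not None:
        # 'https://docs.qq.com@evil.example/' parses with hostname evil.example;
        # reject any userinfo rather than trying to reason about it.
        raise ValueError(f"refusing userinfo in destination: {url!r}")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"destination host not allowlisted: {host!r}")
    return host


def credential_like_params(url: str) -> list:
    """Names of query parameters in a share link that look like tokens or credentials."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query, keep_blank_values=True)
    return sorted(k for k in qs if k.lower() in CREDENTIAL_QUERY_KEYS)


@dataclass
class EgressAction:
    kind: str          # "upload_file", "append_record" or "parse_link"
    destination: str   # full URL the data would be sent to
    summary: str       # what leaves the machine, in words the user can read


def gated_egress(action: EgressAction, allowed_hosts: FrozenSet[str],
                 confirmed: bool, send: Callable[[EgressAction], object]) -> object:
    """Validate the destination, require explicit consent, then hand off to the transport."""
    host = check_egress_url(action.destination, allowed_hosts)
    if not confirmed:
        raise PermissionError(
            f"{action.kind} to {host} needs explicit confirmation: {action.summary}")
    return send(action)


if __name__ == "__main__":
    # Constructed share link with an embedded token, as a user might paste it.
    link = "https://example.invalid/share?vid=123&token=abc"
    print("leaks if forwarded:", credential_like_params(link))
    act = EgressAction("upload_file", "https://docs.qq.com/api/upload", "PUT ./clip.mp4 (12 MB)")
    try:
        gated_egress(act, ALLOWED_UPLOAD_HOSTS, confirmed=False, send=lambda a: "sent")
    except PermissionError as e:
        print("blocked:", e)
    print(gated_egress(act, ALLOWED_UPLOAD_HOSTS, confirmed=True, send=lambda a: ("sent", a.kind)))
```

Wiring this in front of curl_put, the sheet-append call and the sph.litao.workers.dev request would close the three silent-transmission findings at one choke point; the confirmation string doubles as the user-facing disclosure the README currently lacks.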

VirusTotal

VirusTotal findings are pending for this skill version.
