一键知识库 - 微信内容管家 (One-Click Knowledge Base - WeChat Content Manager)

Security checks across malware telemetry and agentic risk

Overview

The skill’s goal of saving content to a Tencent or WeChat knowledge base is coherent, but broad triggers and unclear temporary local-copy handling create a real risk of unintended data movement.

Review before installing. Use it only if you are comfortable with selected links or files being downloaded locally and then uploaded to Tencent/WeChat knowledge-base services. Confirm exact source items and destination before each upload, avoid ambiguous commands like “save this,” and clean up any temporary files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium severity, 95% confidence
Finding
The trigger phrases include broad, everyday requests such as '帮我存这个' ("save this for me") and '下载这个视频/文章' ("download this video/article"), which can easily match ordinary conversation and cause the agent to activate unexpectedly. In this skill, unexpected activation is more dangerous than usual because the documented workflow automatically downloads remote content or reads local files and uploads them to Tencent Docs, creating a real risk of unintended data movement and privacy exposure.

Missing User Warnings

Medium severity, 93% confidence
Finding
The skill describes automated ingestion but does not clearly warn users near the capability description that linked content and local files are first downloaded to local storage before upload. That omission matters because users may assume the tool streams content directly, when in fact it creates a temporary local copy that can expose sensitive files, increase retention risk, and surprise users in shared or monitored environments.
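A stricter way to wire a skill like this, addressing both findings above, as an added example (this is not the skill's own code, nor code from SkillSpector or NVIDIA): requests activate only when they name a concrete source and a known destination, so bare phrases like '帮我存这个' or "save this" never fire on their own; and the temporary local copy is staged in a scoped directory that is deleted even when the upload fails. The destination labels 'tencent-docs' and 'wechat-kb', the request grammar, and the injected fetch/upload/confirm callables are all assumptions made for the example; the in-memory "web" in run_demo() is constructed sample input.

```python
"""Guardrails for a download-then-upload knowledge-base skill.

Added example, not the skill's own code: a trigger policy that refuses
ambiguous requests such as "save this", plus an ingestion routine that keeps
the temporary local copy in a scoped directory that is always deleted.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Callable, Iterable

# Hypothetical destination labels standing in for the real Tencent Docs /
# WeChat knowledge-base targets (assumption, not the skill's real config).
KNOWN_DESTINATIONS = {"tencent-docs", "wechat-kb"}

URL_RE = re.compile(r"https?://\S+")
# A local path: absolute, or a bare file name with a document extension.
PATH_RE = re.compile(r"(?:^|\s)(/[\w./-]+|[\w.-]+\.(?:pdf|md|txt|docx))")
DEST_RE = re.compile(r"\b(?:to|into)\s+([\w-]+)\b")


def classify_request(text: str) -> dict:
    """Activate only when the request names a concrete source AND a known destination.

    The broad phrases from the finding ('帮我存这个', 'save this',
    '下载这个视频/文章') carry neither, so they never activate on their own.
    """
    sources = URL_RE.findall(text)
    rest = URL_RE.sub(" ", text)            # do not re-scan URLs as paths
    sources += PATH_RE.findall(rest)
    match = DEST_RE.search(rest)
    destination = match.group(1) if match else None
    if not sources:
        reason = "no explicit source in request"
    elif destination not in KNOWN_DESTINATIONS:
        reason = "destination missing or unknown"
    else:
        reason = "explicit source and known destination"
    return {"activate": reason.startswith("explicit"),
            "reason": reason, "sources": sources, "destination": destination}


def ingest(sources: Iterable[str], destination: str,
           fetch: Callable[[str], bytes],
           upload: Callable[[str, str, bytes], str],
           confirm: Callable[[list, str], bool]) -> dict:
    """Confirm, stage each item on disk, upload, and always delete the staging copy.

    fetch/upload/confirm are injected so this runs offline; the real skill
    would bind them to its downloader, the knowledge-base API and a user prompt.
    """
    items = list(sources)
    if not confirm(items, destination):
        raise PermissionError("user declined: %s -> %s" % (items, destination))
    receipts = []
    with tempfile.TemporaryDirectory(prefix="kb-stage-") as staging:
        for src in items:
            # This is the temporary local copy the finding says users are not told about.
            staged = Path(staging) / hashlib.sha256(src.encode()).hexdigest()[:16]
            staged.write_bytes(fetch(src))
            receipts.append(upload(destination, src, staged.read_bytes()))
    # The context manager removed the directory even if fetch/upload raised.
    return {"receipts": receipts, "staging_dir": staging,
            "staging_removed": not Path(staging).exists()}


def run_demo() -> dict:
    """Constructed inputs: an in-memory 'web' and a recording upload sink."""
    fake_web = {"https://example.com/post": b"<html>post</html>",
                "/tmp/notes.md": b"# notes"}
    sink = []

    def upload(dest: str, src: str, data: bytes) -> str:
        sink.append((dest, src, len(data)))
        return "%s:%s" % (dest, hashlib.sha256(data).hexdigest()[:8])

    result = ingest(fake_web, "tencent-docs", fake_web.__getitem__, upload,
                    lambda items, dest: True)
    result["uploaded"] = sink
    return result


if __name__ == "__main__":
    for req in ("帮我存这个", "save this to tencent-docs",
                "save https://example.com/post to tencent-docs",
                "save /tmp/notes.md into wechat-kb"):
        print(req, "->", classify_request(req))
    print(run_demo())
```

The confirm callback is deliberately given both the resolved item list and the destination, so the prompt the user sees states exactly what will be moved and where, which is the check the overview asks for before each upload.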

VirusTotal

64/64 vendors flagged this skill as clean.
