Snapdesign Rednote Clean

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Xiaohongshu image/layout skill, but it asks for an external API key and performs local file cleanup in ways that are not clearly scoped or disclosed.

Review this skill before installing. Only use it if you trust the LibTV/Liblib provider, are comfortable sending relevant prompt or layout content to that service, and can confirm its output directory is safely contained before any recursive cleanup runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The README instructs users to configure a LibTV/Liblib API key even though the skill is presented as a layout/formatting tool. That creates an undeclared external service dependency, which can expose user content and credentials to a third party without clear disclosure or necessity, increasing supply-chain and data-handling risk.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
A hidden or weakly justified dependency on an external LibTV/Liblib API is risky because users may assume processing is local when it is not. This mismatch can lead to unintended transmission of sensitive business content, prompts, or generated materials to a third-party endpoint.

Vague Triggers

High
Confidence: 95%
Finding
The trigger conditions are mandatory and extremely broad, causing the skill to activate for many ordinary requests about Xiaohongshu images or formatting. Overbroad auto-invocation can route user content into local file generation and rendering workflows without clear user intent, increasing the chance of unintended processing and data exposure within the agent environment.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs the agent to save generated PNG files locally but does not disclose local artifact creation or retention behavior. This can lead to sensitive user content being written to disk unexpectedly, where it may persist longer than intended or be accessible to other processes, logs, or future runs depending on the environment.

Missing User Warnings

High
Confidence: 96%
Finding
The embedded code recursively deletes a local directory via shutil.rmtree(PNG_DIR, ignore_errors=True) without strong path validation or user disclosure. If TOPIC or path construction is malformed, attacker-influenced, or unexpectedly resolved, this could delete unintended files or directories in the runtime environment.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill loads Google Fonts from an external network source without warning, despite the surrounding content acknowledging sandbox network constraints elsewhere. External fetches can leak usage metadata, introduce nondeterministic behavior, and create unexpected outbound network access during rendering.

VirusTotal

64/64 vendors flagged this skill as clean.
