ClawHub

自动将视频发布到中国三大主流平台:**B站(Bilibili)**、**抖音(Douyin)**、**小红书(Xiaohongshu)**。

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real video auto-publisher, but it can post to live social accounts using saved session cookies and includes under-disclosed automation risks.

Install only if you are comfortable giving this skill ongoing logged-in access to your creator accounts and letting it perform live posts. Review the exact video, title, description, tags, and platform list before running; protect or delete the cookies directory after use; and be aware that anti-detection automation may violate platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises file read/write capabilities indirectly through behavior like selecting video files, saving cookies, and writing logs, but does not declare any permissions or data-access expectations. This creates a transparency and consent problem: users may invoke the skill without realizing it will access local files and persist authentication artifacts on disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
68% confidence
Finding
The documented behavior does not fully match the analyzed capabilities, including additional platform publishing, persistent login handling, and auto-generated metadata. Behavior mismatches are dangerous because users may authorize automation under one scope while the skill operates on a broader scope, increasing the chance of unintended publication or credential handling.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The README explicitly advertises 'anti-detection' and bypassing platform anti-bot mechanisms, which goes beyond ordinary video publishing and signals evasion of security controls. In the context of a browser-automation skill that operates on real user accounts, this increases the likelihood of misuse, account sanctions, and unsafe design choices intended to defeat platform protections.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The implemented behavior exceeds the declared scope: the metadata says the skill publishes to three Chinese platforms, but the code also supports KuaiShou. Scope mismatches matter in automation skills because users may grant trust, credentials, or operational approval based on incomplete disclosure, and hidden platform support can lead to unexpected publication targets or broader account access than intended.

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
The skill is presented as a generic auto-publisher, but it is hardwired to discover only local files matching 'iran_news_*.mp4' and to generate specific Iran-war news titles, descriptions, and tags. In a publishing automation context, this undisclosed specialization is dangerous because it can cause users to distribute sensitive geopolitical content they did not explicitly review, creating misinformation, compliance, reputational, or account-enforcement risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes persistent cookie storage and detailed logs without warning that cookies are equivalent to active session credentials and logs may capture sensitive account or content metadata. This omission can lead users to store high-value authentication material insecurely and underestimate privacy or account-takeover risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The usage instructions describe fully automated publishing to live platform accounts but do not clearly warn users that running the tool will perform real posting actions, potentially across multiple platforms at once. In this skill context, the lack of an explicit safety notice increases the risk of accidental publication, policy violations, and unintended reputational or business impact.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill's basic usage indicates that running the command will automatically publish to external social platforms, but it does not present a prominent warning or confirmation step. This is risky because a single invocation can trigger irreversible public posting, reputational damage, accidental disclosure of sensitive content, or policy violations across linked accounts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation mentions persistent cookies to maintain login sessions but does not warn users that authentication tokens will be stored locally and may be sensitive. If those cookies are exposed through weak file permissions, logs, backups, or shared environments, an attacker could hijack platform accounts and publish or act as the user.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script proceeds from upload and form completion directly to clicking publish/submit buttons, without an explicit final confirmation immediately before the irreversible action. In a multi-platform auto-publishing tool, this increases the chance of accidental publication of wrong, unreviewed, or policy-violating content across user accounts, which can have immediate public and operational consequences.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script persists authenticated session cookies to local JSON files without clear warning, consent, protection, or lifecycle controls. Those cookies may allow account takeover or unauthorized posting if read by another local user, stolen from disk, committed to source control, or exposed through backups, and the risk is amplified because the skill targets real publishing accounts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script logs video title, truncated description, tags, file path, file size, per-platform activity, and the log file location to both console and persistent log files without explicit user consent or redaction. In a publishing workflow, this metadata can reveal unpublished content, campaign details, local filesystem structure, or sensitive descriptors to other local users, log collectors, or support systems.

Ssd 3

Medium
Confidence
91% confidence
Finding
The documented use of persistent cookies and detailed logs creates a real data-retention risk because authentication sessions and potentially sensitive operational data are retained on disk. In an automation tool tied to live social-media accounts, compromise of these files could enable session hijacking, unauthorized posting, or disclosure of private information.

Ssd 3

Medium
Confidence
93% confidence
Finding
The login workflow instructs users to authenticate manually and then save platform cookies, which directly encourages collection and retention of reusable session tokens. Those tokens function as sensitive credentials, and if copied from disk they may allow unauthorized access without needing the user's password or MFA step again.

Ssd 3

Medium
Confidence
90% confidence
Finding
Documenting dedicated per-platform cookie files normalizes long-term storage of high-value authentication artifacts and makes the retention model explicit. In this skill's context, these files are especially sensitive because the tool can publish content directly to multiple live accounts, increasing the consequence of theft or accidental exposure.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal