Multi-Platform Content Distributor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed content-drafting tool that sends user prompts to a configured OpenAI-compatible API and saves generated drafts locally.

Install only if you are comfortable sending topics, points, and draft context to the OpenAI-compatible provider you configure. Use a trusted OPENAI_BASE, consider a limited-quota API key, avoid confidential or regulated inputs unless approved, review generated claims before publishing, and delete or redirect the local output folder when drafts are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'OPENAI_BASE' from os.environ.get (line 31, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
log(f"  调用 {OPENAI_MODEL} 生成 {cfg['name']} 内容...")

    try:
        resp = requests.post(
            f"{OPENAI_BASE}/chat/completions",
            headers={
                "Authorization": f"Bearer {OPENAI_API_KEY}",
Confidence
95% confidence
Finding
resp = requests.post( f"{OPENAI_BASE}/chat/completions", headers={ "Authorization": f"Bearer {OPENAI_API_KEY}", "Content-Type": "applica

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation advertises capabilities that use environment variables, write files, and call an external API, but it does not declare permissions or clearly scope those behaviors. This creates a trust and review gap: users may run the skill without realizing it accesses secrets, persists generated data locally, and transmits content over the network.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to configure an API key and use a remote model API, but it does not clearly disclose that user-supplied topic and points content will be transmitted to an external third-party service. This can lead to unintentional disclosure of sensitive or proprietary content if users assume processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that generated content is automatically archived and viewable later, but it does not warn users that their prompts and outputs will be stored on disk. If users process sensitive drafts, business plans, or unpublished campaign material, this can lead to unintended local data retention and later exposure to other users, backups, or malware.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The configuration requires an OpenAI API key and implies use of a remote model provider, but it does not warn that user prompts, points, and generated content may be sent to an external API. This is a meaningful privacy and compliance risk, especially if users submit confidential business, personal, or regulated content under the assumption that processing is local.

External Transmission

Medium
Category
Data Exfiltration
Content
log(f"  调用 {OPENAI_MODEL} 生成 {cfg['name']} 内容...")

    try:
        resp = requests.post(
            f"{OPENAI_BASE}/chat/completions",
            headers={
                "Authorization": f"Bearer {OPENAI_API_KEY}",
Confidence
90% confidence
Finding
requests.post( f"{OPENAI_BASE}/chat/completions", headers={ "Authorization": f"Bearer {OPENAI_API_KEY}", "Content-Type": "application/json"

VirusTotal

66/66 vendors flagged this skill as clean.