ClawHub

知乎发帖 (Zhihu Post via Browser Relay)

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to post to Zhihu, but it can use a logged-in browser session to publish live content with under-scoped confirmation and safety controls.

Review this skill carefully before installing. Use it only if you are comfortable letting an agent operate a logged-in Zhihu browser tab, upload prepared files, and potentially publish public content. Prefer a workflow where the agent drafts or fills the post, shows the exact title/body/media, and asks for explicit approval before clicking publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that the skill takes over the user's logged-in Chrome tab and directly publishes content to Zhihu, but it does not warn about irreversible account actions, accidental posting, or the need for explicit user confirmation before publication. In this context, the skill is designed to perform real external actions on a user's account, so missing safety messaging materially increases the chance of unintended posts, reputational harm, or misuse of the user's authenticated session.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list includes broad natural-language phrases such as '帮我发知乎' and similar everyday variants that can match casual conversation too easily. Because this skill performs a real public posting action in the user’s authenticated browser, overbroad activation increases the chance of unintended invocation and accidental publication.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not prominently warn that it will create a real public post on the user’s Zhihu account using their live logged-in browser session. In this context, missing disclosure is dangerous because users may treat it like drafting assistance, while the automation can immediately publish content, affecting reputation, privacy, and account integrity.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The snippet programmatically locates a publish button and clicks it without embedding any warning that this triggers a live post on the user's account. In the context of a browser-automation skill whose purpose is posting to Zhihu, this increases the chance of accidental or unintended publication, especially if reused blindly by an agent or operator.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal