Ebook Maker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ebook-making skill, but it needs review because it can print API keys, send prompt content to third-party image services, and persist raw project details in predictable Downloads folders.

Install only if you are comfortable with ebook topics, prompts, and generated artifacts being saved locally under Downloads and, when illustrations are enabled, prompt content being sent to the selected image provider. Before use, change API-key checks to verify presence without printing the secret, choose a safer output folder for sensitive work, and review PDFs before sharing because some settings may include local path or date information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to execute a shell command to render HTML to PDF with Chrome headless and to automatically open the generated PDF locally. While this is related to ebook generation, it lacks explicit user-consent gates, path restrictions, and safety boundaries for command construction, so a user-controlled title or path could increase the risk of unintended local command/file actions.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill performs broad WebSearch and WebFetch activity across multiple parallel agents without a declared network scope, domain allowlist, or user-visibility controls. Even if intended for research, unrestricted external fetching can expose user topics to third parties, retrieve unsafe or irrelevant content, and expand the skill's operational surface beyond what users may expect.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad and overlap with ordinary conversation, making accidental activation plausible. Mis-triggering increases the chance of unintended web research, file creation, or PDF generation without sufficiently clear user intent, which is especially concerning given the skill's downstream local and network actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that research reports are automatically saved to ~/Downloads/调研报告/, but it does not provide a clear, centralized disclosure to the user before writing files locally. Silent writes to a common Downloads directory can expose sensitive topics to other local users, backups, indexing systems, or later unintended sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill generates PDFs, opens them automatically, and saves work reports, yet there is no consolidated user notice or consent step covering these local file and application-launch actions. Auto-opening files and persisting reports can surprise users and create privacy or workflow disruption risks.

Ssd 3

Medium
Confidence
94% confidence
Finding
The work report template explicitly stores the user's original request and inferred parameters, which can include sensitive personal, business, or proprietary information. Persisting this data in local markdown reports increases the risk of long-term retention, unintended disclosure, and later misuse unrelated to the immediate task.

Ssd 3

Medium
Confidence
90% confidence
Finding
Saving the full illustration prompts for each generated image can capture sensitive details provided by the user, including names, internal concepts, or proprietary product ideas. Because these prompts are written into a persistent work report, the skill creates unnecessary local data exposure beyond what is needed to deliver the ebook.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill globally mandates saving research, ebook files, illustrations, and work reports to a fixed Downloads directory, compounding the privacy risks from stored prompts and user requests. A predictable, user-accessible location increases exposure through desktop search, sync services, shared machines, and accidental disclosure, making the context more dangerous than transient task-only storage.

External Transmission

Medium
Category
Data Exfiltration
Content
### Option B: SeedDream API (Volcano Engine Ark)

```
Tool: HTTP API (curl or Python SDK)
Model: seedream-5-0-260128 (latest) / doubao-seedream-4-5-251128 (stable)
Endpoint: https://ark.cn-beijing.volces.com/api/v3/images/generations
Authentication: ARK_API_KEY environment variable
```
Confidence
89% confidence
Finding
curl or Python SDK) Model: seedream-5-0-260128 (latest) / doubao-seedream-4-5-251128 (stable) Endpoint: https://ark.cn-beijing.volces.com/api/v3/images/generations Authentication: ARK_API_KEY environment variable ``` **Pre-call check**: ```bash echo $ARK_API_K

VirusTotal

66/66 vendors flagged this skill as clean.
