lingzao

Security checks across malware telemetry and agentic risk

Overview

Lingzao is mostly a coherent public creator-research skill, but it should be reviewed because it instructs agents to update the installed skill from an unpinned remote CDN and uses external API credentials.

Install only if you trust the Lingzao API service and its CDN update source. Before allowing the agent to run any `npx skills add ... -g --copy` update command, review and approve it explicitly; prefer a pinned or verified release if available. Treat search keywords, profile URLs, post URLs, and downloaded subtitle artifacts as data shared with the Lingzao service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill directs the agent to run shell commands, access environment variables, read and write local files, and make network requests, but it does not declare permissions or constrain those capabilities. This creates an implicit trust boundary failure: an operator or framework may treat the skill as lower-risk than it really is, while the documented commands can modify local state, contact remote infrastructure, and download artifacts to disk.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill combines a broad default prompt ("Use $lingzao to research public creator content") with implicit invocation enabled, which creates an overly permissive trigger surface. This can cause the agent to invoke the skill from loosely related user requests and send user intent or query data to external research tooling without sufficiently clear scoping or user confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.
