Global 1.2 Billion Document Knowledge Base (80 million Chinese journal papers downloadable) (全球12亿文献知识库)

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for literature search, but it needs review because it auto-registers users with an email, consumes quota, persists that email, and includes payment flows.

Install only if you are comfortable providing an email to SmartLib, having that email stored locally in the skill config, using a quota-metered external service, and seeing recharge prompts when quota runs out. Review payment details before selecting a plan or scanning any QR code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings
Severity: Medium | Confidence: 91%
Finding: The usage examples instruct the agent to download papers into local output directories without clearly warning that the skill writes files to disk and may do so in bulk. In an agent environment, undisclosed filesystem side effects can surprise users, consume storage, and create unsafe persistence behavior, especially when combined with automated parallel downloads.

Vague Triggers
Severity: Medium | Confidence: 84%
Finding: The README advertises very broad natural-language activation for literature-search behavior, which increases the chance the skill is invoked unintentionally during ordinary academic or planning conversations. Because the skill can trigger networked actions, quota consumption, and downstream account/payment flows, ambiguous invocation creates a real risk of unintended external actions rather than being a purely UX issue.

Vague Triggers
Severity: Medium | Confidence: 90%
Finding: Using a generic phrase like '充值' ("recharge" / "top up") as the trigger for a payment flow is unsafe because it can appear in ordinary conversation unrelated to a purchase decision. In this skill, that phrase leads directly to plan selection and QR-code payment generation, so accidental triggering could push users into monetization flows without sufficiently explicit consent.

Vague Triggers
Severity: Medium | Confidence: 89%
Finding: The English trigger 'recharge' is overly broad and can be used in many benign contexts, making accidental activation plausible. Since this phrase is tied to a payment workflow, broad matching increases the chance of unsolicited commercial prompts or payment initiation in unrelated conversations.

Missing User Warnings
Severity: Medium | Confidence: 93%
Finding: The README states that missing credentials will trigger automatic registration via a gateway, but it does not clearly warn users that their data may be transmitted to a third party or that an account may be created on their behalf. Silent account creation and external data transmission are security and privacy concerns because they can expose user identifiers and conversation-derived search terms, and they create persistent third-party relationships without informed consent.

Vague Triggers
Severity: Medium | Confidence: 86%
Finding: The trigger list is extremely broad and includes common phrases such as requests to write literature reviews or find supporting citations, which increases the chance the skill is invoked when users did not intend to enter a paid, registration-gated workflow. In this skill, unintended invocation is more dangerous because activation can lead to email collection, external gateway registration, quota consumption, and recharge prompts.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The skill instructs the agent to collect a user's email and write it into config.json, but the user-facing description does not clearly disclose that this identifier will be persisted locally. Persisting personal data without prominent notice and consent creates a privacy risk, especially because config files may be readable by other components, logs, or future sessions.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The skill describes auto-registration, quota checks, and OA retrieval workflows but does not clearly warn users that their email is sent to an external gateway and potentially to downstream third-party services. In context, this matters because the skill is designed to automatically initiate external service interactions tied to a personal identifier and payment-related account state.

VirusTotal

54/54 vendors flagged this skill as clean.