Toutiao Agent Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Toutiao automation package, but it can publish unattended content through a logged-in browser session with limited confirmation and safety controls.

Review this before installing, and proceed only if you are comfortable letting an agent post to a live Toutiao account. Use a non-primary account if possible, keep browser sessions protected, inspect restore.sh, back up any existing OpenClaw workspace knowledge/memory/temp files, and prefer manual or draft-only posting unless you explicitly want unattended scheduled publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium · 94% confidence
Finding
The README explicitly advertises unattended publishing, scheduled account activity, data collection, and browser cookie handling, but only provides minimal setup notes and no meaningful warning about privacy, credential exposure, platform ToS violations, account suspension risk, or misuse of stored session data. In the context of a social-media automation skill, this omission materially increases user risk because operators may enable persistent automation against a real account without understanding the security and account-impact consequences.

Missing User Warnings

Medium · 93% confidence
Finding
The skill clearly states elsewhere that it will auto-publish at fixed times, but the referenced section does not present that behavior as a prominent warning about acting on the user's live Toutiao account. This is dangerous because users may install or run the skill without fully appreciating that it can post unattended content under their authenticated session, creating account, reputational, and platform-policy risk.

Missing User Warnings

Medium · 90% confidence
Finding
The skill explicitly instructs automatic reading of recent memory files and generation of a summary file in temp/, but it does not warn the user that memory data may contain sensitive operational or personal content, nor does it constrain what may be copied into the output. Because the summary is later surfaced in chat and consumed by another automated task, sensitive information can be propagated, retained, or overwritten without meaningful user review.

Missing User Warnings

Medium · 92% confidence
Finding
The note explicitly says the scheduled publishing tool should assume the user is already logged in and proceed directly to publish. That creates a real risk of unauthorized or unintended posting through an existing browser/session context, especially in an agent setting where actions may be triggered without a clear confirmation step. In this content-planning context, the instruction is operational rather than hypothetical, which makes the unsafe behavior more credible.

Natural-Language Policy Violations

Medium · 94% confidence
Finding
The guide instructs authors to use gender-specific honorifics like “妈妈” ("mom") for women and “爸爸/先生” ("dad"/"Mr.") for men without any mechanism for user preference or neutral defaults. In a user-facing content system, this can lead to misgendering, stereotyping, and exclusion of users whose gender, family role, or preferred form of address does not match these assumptions.

Missing User Warnings

Medium · 96% confidence
Finding
The skill includes explicit automation steps to copy a local file into an upload directory and then drive a browser to publish content, including the final publish click, without any user confirmation, approval gate, or safety warning. This is dangerous because an agent following the guide could exfiltrate or publish user-provided media and make irreversible account actions on a live Toutiao account without the user's informed consent at execution time.

Missing User Warnings

Medium · 92% confidence
Finding
The document explicitly recommends building and testing a fully automated Toutiao posting workflow, including reusing an authenticated session, filling content, and clicking publish. That creates account- and platform-impacting actions without meaningful safeguards such as explicit human confirmation, rate limits, failure handling, or policy/compliance checks, making accidental spam, unauthorized posting, or account enforcement more likely.

Ssd 3

Medium · 93% confidence
Finding
The workflow directs the system to extract recent memory content, generate a summary, and output that learning summary to chat for user confirmation. Since the memory files are described as containing to-dos, strategy adjustments, and problem diagnoses, this can disclose private operational details or user-provided data in plain language to the chat surface without minimization or filtering.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
