AI Info Digest

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workflow for browsing public article sources and saving a local digest, with scope and persistence caveats but no evidence of hidden or harmful behavior.

Install this only if you want an agent to browse Zhihu, publisher websites, and search results for the configured accounts. For vague requests such as a generic reading summary, ask it to confirm the source list and date range first. Expect it to save a markdown digest in your Documents folder unless you instruct it not to.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High
Confidence: 95%
Finding:
The trigger phrases are intentionally broad enough to match generic requests like '整理最近的文章' ("organize recent articles") or '这周的阅读摘要' ("this week's reading summary"), which can cause the skill to activate when a user did not intend WeChat-public-account processing. Because the skill then reads local configuration, performs external browsing, and may save output files, unintended invocation expands both data exposure and side-effect risk beyond the user's likely expectations.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill instructs the agent to write a markdown file into the user's Documents directory automatically, without an explicit opt-in at execution time. Unprompted filesystem writes are a security and trust concern because they create persistent artifacts, may overwrite existing notes if naming collides, and violate the principle of minimizing side effects unless the user has clearly consented.

VirusTotal

66/66 vendors flagged this skill as clean.