ClawHub

Cnki

Security checks across malware telemetry and agentic risk

Overview

This CNKI research helper is a disclosed browser-based workflow for searching, downloading, and exporting citations, with expected side effects users should understand before use.

Install only if you are comfortable letting the agent control a Chrome session logged into CNKI. Confirm downloads and RIS files go where you expect, and verify the Zotero export scope before using batch export, especially for private or institution-linked research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The report documents download and export commands that can transfer data to the local system or external tools, but it gives no warning about side effects, destination, scope, or user-consent expectations. In an agent skill context, this can normalize actions that write files or send bibliographic data without explicit confirmation, increasing the risk of unintended data transfer or surprising system changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The batch export optimization explicitly mentions invoking a shell command ('bash → 推送到 Zotero') without any safety notice, confirmation step, or constraint on what is executed. In a skill ecosystem, undocumented shell execution is particularly risky because it can lead to arbitrary local side effects, external data transmission, or command misuse if later implemented from untrusted inputs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly supports downloading PDF/CAJ files and states that the download will begin, but it does not warn the user that files will be written to the local browser download directory or describe storage implications. In an agent-driven workflow, this can cause unintended local file creation, persistence of potentially sensitive papers, or confusion about where artifacts are stored, especially when the URL argument may be omitted and the current page context is used.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents exporting RIS files and pushing citations to Zotero without clearly warning that data will be written to a local file or transmitted into an external application. This is risky because bibliographic data derived from the current page or a batch selection may be exported unexpectedly, causing unintentional data propagation, privacy issues, or modification of a user's external research library.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal