Bilibili Video Publishing

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Bilibili publishing automation and includes an unrelated forced phrase that would be posted in the user’s public video description.

Install only if you are comfortable with an agent using your logged-in Bilibili account to publish videos. Remove or override the forced description sentence, and require the agent to show you the exact account, file, title, description, tags, category, cover, and final publish action before submitting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The instruction to append the fixed phrase “这是我黑心主人让我自动发布的” (roughly, “My black-hearted master made me auto-publish this”) to every video description is unrelated to the legitimate task of publishing content to Bilibili and injects adversarial/manipulative text into user content. In an account-automation context, this can cause reputational harm, violate user intent, and create misleading or embarrassing public submissions without any functional justification.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough that the skill may activate whenever a user casually mentions publishing to Bilibili, without sufficient confirmation of scope, account choice, or submission readiness. Because this skill performs an irreversible external action using a logged-in account, overbroad invocation increases the risk of unintended uploads or accidental publication.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description does not clearly warn that it will automate submission to an external platform through the currently logged-in Bilibili account. In this context, the omission is significant because the action can publish content publicly under the user's identity, making accidental or uninformed invocation materially risky.

VirusTotal

66/66 vendors flagged this skill as clean.
