内容捕手 Content Hunter

Security checks across malware telemetry and agentic risk

Overview

This content-scraping skill is mostly coherent, but it needs Review because it can persist scraped data, use logged-in browser sessions, post reports to a fixed group, and delete scheduled jobs automatically.

Install only if you intentionally want recurring browser-based scraping of these platforms, are comfortable using a logged-in account, control the fixed destination group, and are prepared to review or disable cron jobs and delete stored archives when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manual trigger phrases are broad natural-language commands like '抓取热门内容' and '生成内容汇报', which can easily overlap with ordinary user requests. In an agent environment, this increases the chance of unintended activation of scraping and reporting behavior, causing unauthorized browsing, collection, or scheduled execution without clear user consent boundaries.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README advertises multi-platform content scraping, scheduled reporting, and historical archival, but does not provide an explicit privacy notice, retention policy, or user warning about what data is stored and for how long. This omission can lead users to unknowingly persist scraped content and summaries on disk, creating privacy, compliance, and local data exposure risks.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are broad, generic requests such as '抓取热门内容' and '生成内容汇报', which can overlap with ordinary conversation and cause the skill to activate without clear user intent. In this skill's context, accidental activation is more dangerous because it initiates scraping across third-party platforms, accesses logged-in content, stores persistent data, and can later send reports to a group.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill description does not warn users that it may scrape content from authenticated sessions, retain that content in persistent workspace files, and send summaries or raw-data links to a group. Missing disclosure meaningfully increases the risk of users unknowingly authorizing collection and redistribution of data from personal or privileged browsing sessions.

Natural-Language Policy Violations

High

Confidence: 97% confidence
Finding: The skill hard-codes a single destination group ID and states all reports must only be sent there, without requiring user opt-in at execution time. This is dangerous because scraped data, including potentially sensitive logged-in content or derived summaries, can be exfiltrated to a fixed external recipient even when the requesting user did not approve that destination.

Session Persistence

Medium

Category: Rogue Agent
Content: 工作空间 / Workspace：`~/.openclaw/workspace/content-hunter/` **重要：每次任务新建独立子文件夹，不覆盖历史数据！** / **Important: Create new subfolder for each task, NEVER overwrite historical data!** ``` content-hunter/
Confidence: 84% confidence
Finding: Create new subfolder for each task, NEVER overwrite historical data!** ``` content-hunter/ ├── task-2026-03-11-0900/ # 任务1：按时间命名 │ ├── xiaohongshu.md │ ├── douyin.md │ ├── bilibili.md │ └

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal