閱讀助手

Security checks across malware telemetry and agentic risk

Overview

This reading assistant has a coherent purpose, but it uses very broad triggers and includes optional unattended sharing of private reading content that users should review before installing.

Install only if you are comfortable with the skill storing EPUB contents, generated summaries, and reading history in the OpenClaw workspace. Avoid enabling the cron reminder, Notion sync, or messaging-platform push unless you explicitly want private reading data or book-derived summaries sent to those services and know how to turn it off.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill writes imported book data, extracted chapters, and reading progress to the local filesystem, but it does not declare corresponding permissions. Undeclared write capability weakens user consent and platform enforcement because the skill can persist potentially sensitive reading history and book contents without an explicit permission boundary.

Vague Triggers

High
Confidence
91% confidence
Finding
The trigger list includes very broad everyday terms such as '書', '閱讀', 'chapter', and 'library', making accidental invocation likely during unrelated conversations. In an agent environment, unexpected activation can cause unintended file access, summary generation, or progress updates against the user’s stored library.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The import flow can be activated by generic single-word prompts like '匯入' or 'import', which are ambiguous and may appear in unrelated contexts. Because import leads to package installation, file parsing, and persistent writes, accidental activation has greater consequence than a read-only action.

Vague Triggers

High
Confidence
93% confidence
Finding
Summary triggers like '摘要', '繼續', '下一章', and 'summary' are highly generic and likely to match normal conversational requests. Since this module reads local chapter files and updates progress.json, accidental invocation can expose book content and alter persistent reading history without clear intent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Progress-check triggers like '進度' and 'progress' are underspecified and can collide with many unrelated workflows. Although this module is lower risk than import, unintended activation can still reveal sensitive reading habits or titles from the user’s private library.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The scheduled reminder configuration automatically reads the user's library state, processes the next chapter, and pushes content to external messaging platforms, but the skill does not require explicit informed consent for ongoing access and outbound delivery. This creates a privacy risk because reading history and book-derived content may be transmitted regularly without sufficient warning or per-channel confirmation.

VirusTotal

61/61 vendors flagged this skill as clean.
