Jixinghui Activity Automated Participation

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-related, but it asks an agent to capture full-screen screenshots and submit account-linked information with insufficient safeguards.

Install only if you intentionally want help with this specific DuMate/Jixinghui activity. Before using it, close sensitive windows, disable notifications, review every screenshot, avoid uploading full-screen images when possible, confirm the exact Baidu Cloud account ID being submitted, and delete the saved screenshots afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Low
Confidence
70% confidence
Finding
The workflow expands into downloading third-party software and directing the user to access a Baidu Cloud account, which broadens the trust boundary beyond the stated activity. In an agent-skill context, undocumented collection of screenshots plus account identifiers and induced installation/login steps can lead to privacy exposure or social-engineering-style account interaction the user did not explicitly consent to.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description includes "or similar expressions," creating an ambiguous activation boundary for a skill that performs high-impact actions such as opening websites, collecting screenshots, and submitting account-linked information. Overbroad triggering increases the chance of accidental invocation from casual conversation, leading to unintended data handling or external submissions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage examples are broad and lack any trigger constraints or opt-in safeguards, even though the skill can install software, access cloud account information, and upload screenshots. In this context, vague triggers materially raise the risk of accidental execution of privacy-sensitive and account-affecting actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill processes highly sensitive data—full-screen screenshots and a cloud account identifier—and then submits them to an external activity page, but it does not adequately warn the user about the scope of collection or the privacy consequences. Because the workflow is designed to automate the full process, users may not realize they are disclosing broad screen contents and account-linked identifiers to third parties.

Missing User Warnings

High
Confidence
98% confidence
Finding
Requiring full-screen screenshots with the desktop background visible can expose unrelated sensitive information such as notifications, file names, open apps, personal documents, or confidential work material. This materially increases privacy risk because the screenshots are not limited to the application necessary for the promotion workflow and are later uploaded externally.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Saving screenshots to a predictable desktop directory creates residual sensitive data on disk without clearly informing the user of retention or exposure risks. Local artifacts may be discoverable by other users, backups, sync tools, or later processes, extending the privacy impact beyond the immediate submission.

VirusTotal

VirusTotal findings are pending for this skill version.
