极星会活动自动化参与 (automated participation in 极星会 activities)

Security checks across malware telemetry and agentic risk

Overview

The skill is not hidden malware, but it asks an agent to collect and submit account-linked data and full-screen desktop screenshots without enough privacy controls.

Review carefully before installing. Use it only if you are comfortable with an agent navigating Baidu Cloud and an activity page, collecting your account ID, saving full-screen screenshots, and uploading those screenshots. Close private windows and notifications first, inspect or redact screenshots before upload, confirm the destination page, and avoid letting the agent repeat the full account ID in chat or reports.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers
Medium (84% confidence)
Finding: The trigger language includes broad phrases like '或类似表达时触发' ("or similar expressions also trigger it"), which can cause the skill to activate on loosely related requests. Because the skill performs sensitive actions such as collecting screenshots and account identifiers, unintended invocation could lead to privacy-invasive automation or data submission without sufficiently specific user intent.

Missing User Warnings
High (96% confidence)
Finding: The skill directs capture of full-screen screenshots with the desktop background visible, but does not clearly warn that screenshots may include unrelated personal data, notifications, files, browser tabs, tokens, or system information. This creates a direct privacy and potential credential-exposure risk because the images are then saved and uploaded as part of the workflow.

Missing User Warnings
Medium (90% confidence)
Finding: The skill instructs retrieval and submission of the user's Baidu Cloud account ID without a clear privacy notice or explicit consent checkpoint. Even if the ID is not a password, it is still account-linked data that can be used for correlation, profiling, or unintended disclosure when combined with screenshots and activity participation records.

Ssd 3
Medium (94% confidence)
Finding: The skill automates collection and onward submission of account-linked data and full-screen screenshots to a third-party activity flow. This is dangerous because it combines sensitive desktop imagery with identifiable account information, creating a meaningful risk of privacy leakage, oversharing, and accidental disclosure of unrelated confidential data.

Ssd 3
Medium (97% confidence)
Finding: Requiring full-screen desktop images with the background clearly visible materially increases the chance of exposing sensitive personal or business information that is unrelated to the activity. Because the workflow later submits these images, the risk is not theoretical: it creates a direct path for data leakage to an external service.

Ssd 3
Medium (92% confidence)
Finding: The skill explicitly instructs the agent to extract the user's Baidu Cloud account ID and include it in submission and reporting flows. This is sensitive account-linked data handling, and the combination of extraction, reuse, and reporting increases exposure risk if logs, reports, or submissions are mishandled.

VirusTotal

VirusTotal findings are pending for this skill version.