ClawHub

Weibo Hot Search Anonymous

Security checks across malware telemetry and agentic risk

Overview

The skill is meant to fetch public Weibo trends, but it also controls a local browser profile and can terminate browser debugging processes without clear user control.

Install only if you are comfortable with the skill launching and controlling Chrome/Edge through a debugging port. Avoid logging into Weibo in the automation profile unless you intentionally want that session saved, and do not allow automatic browser-process killing unless you have checked it will not interrupt other work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill invokes code with environment-variable and network capabilities, but does not declare any corresponding permissions or clearly bound its operational scope. Undeclared capabilities reduce transparency and make it harder for a host system or user to evaluate what the skill can access, which is a real security concern even if the stated purpose is only fetching public data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims anonymous, no-login scraping, but its own instructions rely on controlling a local Chrome/Edge instance and allow use of a persistent browser profile directory. In practice, this can reuse existing cookies or authenticated sessions and may expose browsing context, making the anonymity claim misleading and increasing the risk of unintended account/session access.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The utility inspects the full local process list and includes functionality to terminate Chrome processes associated with a profile directory. For a skill whose stated purpose is anonymously fetching Weibo hot-search data, this is broader host-level control than necessary and can disrupt unrelated browser activity or affect a user's existing browsing session if the profile path overlaps or is misconfigured. The skill context makes this more concerning because anonymous data retrieval does not inherently require enumerating and killing local processes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The troubleshooting guidance tells the agent to automatically kill Chrome/Edge debugging processes and retry without user confirmation. Force-terminating browser processes is a disruptive local action that can cause loss of work, session interruption, or termination of unrelated browser automation owned by the user or other applications.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill launches or reuses Chrome with a user profile directory and attaches via the DevTools protocol, which grants powerful access to page content and authenticated browser state in that profile. In this context, the risk is elevated because the skill advertises anonymous access but may actually rely on an existing logged-in session or ask the user to log in, creating access to sensitive browsing/session data without clear upfront disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The helper unconditionally sends SIGTERM to any process whose command line contains both the provided profileDir and a remote debugging flag, without user-facing warning or consent. This can terminate legitimate local browser sessions and may cause data loss or session disruption, especially if an environment override points to a shared or user-controlled profile path. In this skill's context, silently killing browser processes is unnecessary and disproportionate to the benign task of reading public trending data.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal