ClawHub

ZeeLin 知乎自动发布

Security checks across malware telemetry and agentic risk

Overview

This skill openly drafts and publishes Zhihu articles after user confirmation, with no evidence of hidden persistence, unrelated data access, or deceptive behavior.

Install only if you are comfortable letting an agent post to your Zhihu account. Review the generated article before replying '发布', attach Browser Relay only to the intended Zhihu editor tab, and avoid leaving a broad or long-lived Zhihu access token in shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes shell-based publishing scripts and reads/writes local files, but does not declare permissions accordingly. This weakens user/admin review because the manifest understates the skill's real capabilities, making sensitive actions like browser automation and file handling less visible before installation or invocation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The description frames the skill mainly as research and drafting assistance, but the body also instructs direct article publication through API or browser automation. That mismatch can cause users to invoke the skill for drafting or research while underestimating that it may perform an outbound publish action, increasing the risk of unintended content posting to a live account.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script adds a direct API publishing path that bypasses the skill’s stated browser-based confirmation model. In this skill context, that weakens the user-consent boundary: once a token is present, content can be posted programmatically without the explicit in-browser review/click flow promised to the user.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Introducing OAuth bearer-token handling expands the skill’s privileges beyond the described browser-login workflow and creates a reusable credential path for unattended posting. If the token is exposed through environment leakage, logs, subprocess inspection, or broader agent access, an attacker or compromised component could publish as the user without further interaction.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary writing or news-summary requests, yet the skill can escalate to account actions like auto-filling and publishing on Zhihu. Over-broad activation increases the chance of accidental engagement of a publishing-capable workflow when the user may only want research or a draft.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs the agent to fetch third-party webpages for article generation but does not prominently warn users that their topic/request may be sent to external sites. This creates a privacy and data-handling risk, especially if prompts include sensitive subjects, internal plans, or identifying details that become part of search/fetch activity.

External Transmission

Medium
Category
Data Exfiltration
Content
## 知乎 API 在哪调

- **开放平台**:https://dev.zhihu.com/ — 注册应用、OAuth 2.0 获取 `access_token`。**注意**:知乎发布 API 目前仅对内侧用户开放,多数用户无法使用。
- **发布文章接口**(内侧):一般为 `POST https://api.zhihu.com/v4/articles`。未开放前请用下方「网页端直接发布」。
- **本 skill 发布方式**:
  1. **API 发布**(仅内侧可用):若环境变量已设置 `ZHIHU_ACCESS_TOKEN`,使用 `scripts/publish_via_api.sh`。
  2. **网页端直接发布(推荐)**:使用 `scripts/publish_article.sh`,在**已打开的知乎写文章页**上填表并点击发布;配合 **Browser Relay** 可大幅缩短耗时、降低 request timed out(见下)。
Confidence
87% confidence
Finding
https://api.zhihu.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal