One-click structured summarization of any article into your personal Feishu knowledge base

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it can automatically upload articles and chat summaries to Feishu without a review step.

Review before installing. Use it only if you are comfortable with a one-command workflow that can fetch web pages, summarize content, and write to your Feishu workspace using your lark-cli login. Avoid using it on confidential chats, internal URLs, credentials, regulated data, or private/copyrighted articles unless you add a preview and confirmation step first. Protect the .wiki-config and .wiki-tree files because they contain Feishu workspace and document identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README explicitly promotes a fully automatic pipeline that fetches content, summarizes it, classifies it, and writes it into Feishu, but it does not warn users that article contents, metadata, and potentially sensitive text will be transmitted to external services and stored remotely. This creates a real privacy and data-governance risk, especially when users may assume they are only invoking a local summarization workflow.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The `--chat` / "整理到飞书" mode archives the current conversation to Feishu with '全程零操作' and '不问你确认', which is especially dangerous because chats often contain private, confidential, or credential-adjacent information not intended for long-term external storage. The skill context makes this more dangerous, not less, because it is a knowledge-management tool that encourages frictionless archival and normalizes sending conversational data to a third-party platform without an explicit warning or consent checkpoint.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrase '帮我处理文章' is broad enough to match ordinary conversation and may activate a workflow that performs network fetches, shell commands, local file writes, and Feishu uploads. In this skill's context, accidental activation is risky because the workflow is explicitly designed to run automatically without further confirmation.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill instructs the agent to execute curl/lark-cli/mkdir/rm commands and to write content and images to Feishu automatically, yet it minimizes or omits a clear warning about the scope of data handling and system-side effects. This is dangerous because users may unknowingly trigger exfiltration of conversation/article content and filesystem changes in a single uninterrupted flow.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The script accepts an arbitrary URL from the command line and fetches it with a real browser, but provides no validation, restriction, or user disclosure about making outbound requests. In an agent skill that processes user-supplied article links, this can enable server-side request forgery behavior, access to internal network resources, or unexpected requests to sensitive endpoints using the agent's network position.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The skill directs automatic archiving of current conversation content to Feishu '不中断不确认', which can transmit sensitive user prompts, internal context, or confidential discussion without a just-in-time consent checkpoint. Because the destination is an external knowledge base, the privacy and data-governance risk is substantial.

Ssd 3

Severity: Medium
Confidence: 96%
Finding:
The trigger phrase '整理到飞书' directly enables extraction of '核心洞察' from the conversation and transmission to Feishu. In context, this is more dangerous than ordinary summarization because it turns live chat content into persistent external records, potentially capturing confidential or regulated information.

VirusTotal

65/65 vendors flagged this skill as clean.
