TikHub API Tool (KK version)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but its Python fallback can run unsafe background shell commands and implicitly uses a local TikHub API key.

Review before installing. Use a dedicated TikHub API key, monitor paid usage, avoid running the CPU/background transcription path on untrusted filenames or directories, and pin or review dependencies before using the Python fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (12)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        log_file = f"/tmp/whisper_{os.path.basename(audio_path)}.log"
        nohup_cmd = f"nohup {' '.join(cmd)} > {log_file} 2>&1 &"
        print(f"🚀 Whisper 后台转写启动,日志: {log_file}")
        subprocess.run(nohup_cmd, shell=True)
        print(f"📝 文字稿将保存到: {output_path}")
        print(f"⏱️  medium 模型 CPU 转写 1 分钟音频约需 1-2 分钟,请耐心等待")
        return output_path
Confidence
99% confidence
Finding
subprocess.run(nohup_cmd, shell=True)

Context-Inappropriate Capability

Low
Confidence
83% confidence
Finding
The code silently reads credentials from a fixed local .env path in the user's home directory without an explicit opt-in. In an agent skill context, implicit local secret discovery is risky because it expands the trust boundary and may cause the skill to use sensitive credentials the caller did not intend to expose.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The balance-check example reads an API key from a local .env file and transmits it in an Authorization header to an external service, but the skill does not clearly warn the user that a local secret is being accessed and sent over the network. In an agent setting, normalizing secret access plus outbound transmission without explicit consent can lead to unintended credential disclosure or unsafe reuse patterns.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The SDK example downloads remote content, writes files to /tmp, and invokes subprocesses (curl and ffmpeg) without an explicit warning that it changes the local system state. In agent-assisted workflows, undisclosed file writes and command execution are risky because they can surprise users, consume resources, and create opportunities for unsafe handling of untrusted media.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description advertises broad multi-platform data scraping capabilities but does not define any activation boundaries, user-intent constraints, or allowed use cases. In an agent skill ecosystem, vague scope increases the chance the skill is invoked in inappropriate contexts and can enable over-collection or misuse of scraping functionality across multiple services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Silently loading an API key from a local .env file reduces user awareness of credential access and makes secret use implicit. In agent environments, undisclosed local credential discovery can surprise users and enable unauthorized use of paid or sensitive accounts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code launches a background process with nohup without requiring explicit acknowledgment, so work continues after the immediate call returns. In an agent setting, this reduces visibility and control, and when combined with shell execution it increases the chance of unnoticed abuse or persistence-like behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
97% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
91% confidence
Finding
openai-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
91% confidence
Finding
mlx-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
82% confidence
Finding
ffmpeg

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.