ClawHub

☯ Big8 · 玄学助手(看风水·看面相·算八字·查星座·每日一卦)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its fortune-telling purpose, but it asks users to provide selfies for face reading while making privacy claims that are not fully scoped or verifiable.

Review before installing if you may upload selfies or other personal photos. The skill appears clean from static and VirusTotal telemetry and does not show destructive behavior, but its face-reading feature handles sensitive biometric images and its privacy wording does not clearly explain model provider processing, retention, or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document makes a privacy assurance that face images are not sent to any third party, while the architecture explicitly relies on a Vision Model to process uploaded photos. If that model is hosted externally, the statement is misleading and can cause users to share sensitive biometric data under false assumptions, creating privacy, consent, and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
Forcing all users into Asia/Shanghai time can silently produce incorrect dates, zodiac/day-based outputs, almanac results, and divination context for users in other regions. In a skill whose outputs depend on current date and time, this creates misleading personalized results and undermines user consent and accuracy, even if it is not a classic exploit path.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
Defaulting unspecified gender to male injects a sensitive personal attribute into a personalized reading without user consent. Because the skill uses gender as an input to BaZi calculation/output, this can yield incorrect or biased results and normalizes making hidden assumptions about protected or sensitive characteristics.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
Repeating a male-by-default rule in the core policy entrenches the same sensitive-attribute assumption across the skill and increases the chance it is applied consistently without user awareness. In context, this is more concerning because it affects personalized fortune analysis and may systematically misgender users or produce biased outputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill solicits selfies for face reading and infers sensitive personal traits from facial features, but the plan does not provide a clear warning about biometric/privacy implications or meaningful consent language. This is dangerous because users may provide highly sensitive images without understanding storage, sharing, inference, or misuse risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal