Deepsop Kuaishou Workbench

Security checks across malware telemetry and agentic risk

Overview

This Kuaishou uploader matches its stated purpose, but it automatically installs and runs unpinned third-party automation code from multiple mirrors before using accounts that can publish content.

Review before installing. This skill is not clearly malicious, but first use can download and run third-party automation code, including from proxy or mirror domains, and it can store login state used to publish to Kuaishou. Prefer a pinned, verified source and run uploads only after checking the target account, media files, title, text, and schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (82% confidence)
Finding
The skill is presented as a Kuaishou uploader, but the runtime instructions prepare and validate a broader multi-platform automation project with commands for Douyin, Xiaohongshu, and Bilibili. Expanding the installed and invokable surface beyond the declared purpose increases unnecessary capability and risk, especially since the agent is instructed to automatically set up and run third-party automation tooling.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The documentation instructs the agent to automatically clone executable code from multiple alternate mirrors, including third-party proxy and mirror domains, without any integrity verification. This creates a software supply-chain risk: a compromised mirror or proxy can deliver modified code that the agent will then execute locally via uv.

Missing User Warnings

Medium (91% confidence)
Finding
The README explicitly states that the platform will automatically clone an external repository and prepare dependencies on first use, but it does not clearly warn users that this results in code download, installation, and execution on their system. In a skill that handles account login and content upload, this is more dangerous because it introduces a supply-chain and remote-code-execution trust boundary before the user has been properly informed.

Missing User Warnings

Medium (90% confidence)
Finding
This script performs login, account checking, and content uploads automatically by invoking external CLI commands in sequence without any interactive confirmation, dry-run mode, or safety prompt. In the context of social-media automation, this can cause unintended account actions or unauthorized posting if the script is triggered with real credentials or modified inputs, making accidental misuse more likely even if the example itself is not overtly malicious.

VirusTotal

VirusTotal findings are pending for this skill version.