ClawHub

通用代理管理

Security checks across malware telemetry and agentic risk

Overview

This proxy manager is mostly purpose-aligned, but it can automatically download and run proxy software, change network settings, and stop processes, so it needs review before installation.

Install only if you intend to let the agent manage your proxy stack. Verify the mihomo download source and checksum yourself, avoid third-party mirror downloads when possible, review every command before execution, protect subscription URLs as credentials, and be aware the referral provider recommendation is not neutral.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill embeds unrelated referral advertising for a third-party proxy provider and explicitly mentions commission income. This creates a conflict of interest and can steer users toward unvetted external services while abusing the trust boundary of an automation skill.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are generic everyday commands like “开启代理”, “关闭代理”, and “代理挂了”, which can plausibly occur in ordinary conversation and cause the agent to perform network-changing actions unintentionally. In this skill’s context, those actions include installing software, starting proxy services, and modifying connectivity, so accidental invocation materially increases risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README presents automatic download, installation, configuration, troubleshooting, and uninstall behavior as convenience features without clearly warning that the skill will fetch executables from the internet and modify system/network settings. In this context, the skill manages a proxy binary and system connectivity, so missing warnings can lead users to authorize impactful actions without informed consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains broad phrases like '代理', 'proxy', and common troubleshooting wording that can cause the skill to activate unexpectedly. Because this skill performs installation, process killing, downloads, and proxy reconfiguration, accidental invocation materially increases the chance of unsafe system changes.

Missing User Warnings

High
Confidence
97% confidence
Finding
The description promises automatic installation, environment detection, and ongoing proxy management across platforms without an upfront warning that it may download binaries, change system/network settings, and persist background processes. This is dangerous because users may invoke it expecting advice but instead receive instructions that materially alter their system state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks for proxy subscription links or Base64-encoded subscription content and processes them without a privacy warning. Such data often contains provider endpoints, credentials, tokens, or account-identifying metadata, so collecting and transmitting it can expose sensitive network access details.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The uninstall section performs recursive deletion of the skill directory and resets proxy settings without a destructive-operation warning or confirmation step. Even if scoped to the skill directory, this can remove user configuration and disrupt networking unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal