百家号发布器 (Baijiahao Publisher)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Baijiahao publishing automation tool, but users should treat publish and draft actions as real account changes.

Install only if you intend to let this skill use a Baidu/Baijiahao auth or cookie file to operate your account. Test with open-only, draft, or keep-open flows first, verify the active account and article content, and use --publish only when you deliberately want a public post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding: The skill is explicitly designed to automate actions on a live Baijiahao account, including saving drafts and publishing posts, but the description does not warn that this causes external side effects on the user's account. In an agent setting, missing disclosure increases the risk of unintended publication, reputational harm, or irreversible account actions being triggered from a vague request.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The natural-language examples encourage requests like 'open Baijiahao and publish' without stating that the assistant must obtain clear, per-action confirmation before publishing. Because the skill accepts existing login cookies and can directly publish content, ambiguous NL invocation materially increases the chance of accidental or unauthorized external posting.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding: The script can perform state-changing actions on a live Baijiahao account by reusing existing authentication material and then automatically clicking "发布" (Publish) or "存草稿" (Save Draft) with no second-factor confirmation, dry-run mode, or interactive approval gate. In this skill's context, that behavior is the core feature, but it also makes unintended or unauthorized publication easy if the tool is invoked with attacker-controlled inputs, stale assumptions, or misused local cookies.

VirusTotal

66/66 vendors flagged this skill as clean.