zeelin-script-gen-skill: Script Generation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised script-generation workflow, but it sends uploaded documents and an account key to a plain-HTTP IP service that can charge the user’s Zeelin credits.

Review before installing. Use only non-sensitive documents unless you trust the publisher and can verify the service endpoint; prefer a dedicated low-privilege App-Key, understand that generation may deduct Zeelin credits, and avoid private or proprietary manuscripts until the service uses verified HTTPS and clearer data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The skill is described as converting uploaded local text files into scripts, but the configuration routes requests to a remote service endpoint. This creates a data exfiltration risk because sensitive user-uploaded content may be transmitted off-host without clear disclosure, necessity, or trust guarantees, which is especially risky for unpublished manuscripts or proprietary text.

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The configuration depends on an external network service, but that dependency is not justified by the stated purpose of simple text-to-script conversion. In practice, this means users and reviewers may believe processing is local while the skill can send uploaded files or derived content to third-party infrastructure, increasing confidentiality, compliance, and supply-chain risk.

Missing User Warnings

Medium, 95% confidence
Finding
The skill instructs sending both a user credential (App-Key) and the user's uploaded document to a third-party service over an external endpoint, and the example configuration uses plain HTTP for the service URL. This creates a real risk of credential exposure, document leakage, and interception in transit, especially because the uploaded content may contain sensitive unpublished manuscripts or proprietary text.

VirusTotal

66/66 vendors flagged this skill as clean.
