表达层

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed content-orchestration workflow, but it can route drafts to WeChat publishing without clearly documented approval and privacy guardrails.

Review before installing. Use this skill only if you are comfortable with an agent routing generated content toward a WeChat public-account publishing workflow, and require a manual preview plus explicit confirmation of destination, account, and visibility before any draft is pushed or post is published.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly supports publishing generated content to a WeChat public account (the example prompt '把刚才的分析写成公众号文章发出去', i.e. "write the analysis just done as a public-account article and send it out", and the `wechat` → `wechat-publisher` route) without any warning, confirmation requirement, or disclosure that content may be sent to an external platform. In an agent setting, this creates a real risk of unintended data exfiltration, accidental publication of sensitive material, or user surprise about external actions.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The manifest description is extremely broad and explicitly says the skill should trigger for content generation, format conversion, and multi-form output without requiring a prior reasoning layer. In an agentic environment, this increases the chance of accidental invocation on common user requests, which can cause unintended routing to downstream tools and workflows, especially because the skill also has access to execution and publishing-related capabilities.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill advertises routing user-provided content directly into publishing tooling, including the `wechat` publishing route, but does not state that publication is an external side effect requiring explicit confirmation. In practice, this can lead to accidental disclosure, unauthorized posting, or premature publication of sensitive or unreviewed content if the orchestration is triggered automatically.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The example says to take prior analysis, write it as a public article, and 'send it out' through the publishing workflow, but it includes no caution, review checkpoint, or confirmation requirement. Examples strongly shape agent behavior, so this normalizes direct publication and makes accidental or unauthorized external posting more likely.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The document explicitly describes storing usage frequency, difficulty, and iteration markers in a feedback loop, but provides no notice, consent boundary, retention policy, or minimization guidance. In an orchestration spec, this can normalize silent collection of interaction metadata and lead downstream implementers to persist user-related behavioral data without transparency or governance.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The workflow includes routing content to a WeChat publisher and pushing a draft externally, but it does not warn about the consequences of external publication, such as irreversible disclosure, platform sharing, or accidental release of sensitive or unreviewed content. Because this skill is designed for publishing, the missing guardrails are more dangerous than in a purely internal formatting tool.

VirusTotal

65/65 vendors flagged this skill as clean.
