Daily Beauty

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated image-fetching purpose, but it can send results to a hard-coded Feishu user and has broad triggers that could run the workflow unintentionally.

Review before installing. Use it only if you are comfortable with Xiaohongshu searches, local image downloads, persistent deduplication records, and image conversion on remote files. Remove or change the hard-coded Feishu recipient and require confirmation before sending messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f.write(resp.content)
                
                # Convert to PNG
                subprocess.run(
                    ["convert", str(webp_path), str(png_path)],
                    capture_output=True,
                    check=True
Confidence
93% confidence
Finding
subprocess.run( ["convert", str(webp_path), str(png_path)], capture_output=True, check=True )

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "美图" is generic and likely to collide with ordinary user requests about images, aesthetics, or unrelated content. Because this skill performs network retrieval and file/state updates, accidental invocation can cause unexpected external access and side effects without clear user intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger "看美女" is ambiguous, conversational, and not clearly scoped to this specific skill. In context, unintended activation is more concerning because the skill fetches content from a third-party platform and stores deduplication data, turning casual chat into networked, state-changing behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The phrase "推荐美女" is broad enough to match normal recommendation-style conversation, so the skill may activate when the user did not intend to run an automated scraping/download routine. Given that the skill also pushes content to Feishu, an accidental match could lead to unanticipated outbound messaging and privacy issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation describes downloading images and updating local deduplication files, but does not clearly warn users about these side effects before execution. This weakens informed consent and auditability, especially because the workflow also interacts with third-party content sources and may later send material through Feishu.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script downloads arbitrary remote image content selected through external search results and writes it into the user's workspace without confirmation or validation. In skill contexts, silent writes of attacker-influenced content can expose users to storage abuse, unsafe downstream processing, and trust-boundary violations, especially because the workspace may be consumed by other tools.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill runs an external image converter on downloaded content without user warning, combining silent file writes with risky parsing of untrusted media. That makes the issue materially more dangerous than a mere disclosure problem because crafted files may trigger vulnerabilities in the converter or exhaust local resources.

VirusTotal

VirusTotal findings are pending for this skill version.
