企微瓣 CLI (qwb-cli)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Qiweiban CLI guide, but its broad auto-triggering plus account login, local token storage, billable actions, and biometric media uploads need user review before installation.

Install only if you intend to use Qiweiban/qwb for these tasks. Verify the npm package and publisher first, avoid giving the agent passwords or SMS codes unless the environment is trusted, protect ~/.qwb/credentials.json, and require explicit confirmation before uploading personal voice, face, image, or video content or spending account credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 94% confidence
Finding
The trigger conditions include broad, everyday phrases such as generating speech, chatting with AI, or generating images, which can cause the skill to activate in contexts where the user did not explicitly intend to use this third-party CLI. Because the skill can perform authenticated actions and consume account credits, overbroad matching increases the risk of unintended invocation, data transfer, and billable operations.

Missing User Warnings

Medium, 91% confidence
Finding
The skill documents password login, SMS-code login, API URL configuration, and local token storage in ~/.qwb/credentials.json, but provides no user-facing warning about how secrets are handled or the security implications of storing long-lived tokens locally. In an agent setting, this can lead users to disclose credentials to the agent or leave reusable tokens on disk without understanding the exposure risk.

Missing User Warnings

Medium, 90% confidence
Finding
The skill supports uploading local audio and video files and submitting remote URLs for processing, but does not warn that these operations transfer potentially sensitive biometric or personal media to external services or storage. Given that the features involve voice cloning and digital humans, the privacy and misuse implications are elevated compared with ordinary file upload behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
