ClawHub

Lucasyao1985/clawdchat-analysis

Security checks across malware telemetry and agentic risk

Overview

This skill browses Moltbook and saves local analysis reports as advertised, with no evidence of hidden credential use, destructive behavior, or exfiltration.

Install this only if you want your agent to browse Moltbook and save analysis reports locally. Use the explicit clawdchat trigger to avoid accidental runs, review the GitHub source before cloning, and clean the output directory if you do not want scraped posts or raw data retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase `今天AI们在讨论什么` is broad, natural-language-like, and plausibly overlaps with ordinary user requests about current AI discussions. In this skill, invoking the trigger can lead to automated browsing, scraping, analysis, and report generation, so accidental activation could cause unintended network activity and local file writes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README advertises automated scraping of feeds, deep fetching of posts and comments, and generation of a saved report, but does not prominently warn users that the skill will perform external network access and create files on disk. In the context of an agent skill, missing disclosure increases the risk of users triggering side effects without informed consent, especially when paired with broad trigger phrases.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad natural-language phrases such as '今天AI们在讨论什么' and 'AI agents 关注什么', which can plausibly appear in ordinary conversation and unintentionally invoke the skill. In an agent environment, accidental activation can lead to unrequested browsing, scraping, analysis, and file creation, expanding the skill's operational surface without clear user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill specifies writing a report to a local path under ~/myassistant/chat/moltbook-daily/YYYY-MM-DD.md but does not state that the user will be informed or asked to confirm before the write occurs. Silent filesystem writes are risky because they create persistent artifacts on the host and may surprise users or violate expectations about when local storage is used.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented storage layout includes optional persistence of raw scraped data in a local JSON file, but there is no clear warning about retention, privacy implications, or the sensitivity of storing third-party content and metadata. Raw-data dumps increase exposure because they preserve more detail than the summarized report and can be accessed later by other local tools or users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal