
Security audit

Fetch Zhihu Content

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its claimed purpose, but it includes under-disclosed scraping evasion and weakened browser sandbox settings that users should review before installing.

Install only if you are comfortable running a Playwright-based scraper against Zhihu pages. Prefer using it only for public content you have a right to save, choose a dedicated output folder, and avoid providing cookies or session data unless the skill is updated to document exactly how those credentials are handled. Review or remove the anti-detection code and no-sandbox browser flag before use in a sensitive environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill instructs the agent to execute a Python script that uses environment access and writes downloaded content to disk, but the skill metadata declares no permissions. This creates a permission-model mismatch: an agent or platform may treat the skill as low-risk while it can still access runtime context and persist files, which weakens security review and user consent around filesystem effects.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The script injects anti-detection logic to hide automation signals by modifying navigator.webdriver, plugins, languages, and window.chrome. For a narrowly scoped content-download skill, this crosses from normal rendering into deliberate evasion of site bot-detection controls, increasing the likelihood of misuse and making operator activity harder for the target service to identify.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The browser is launched with '--no-sandbox' and '--disable-dev-shm-usage', flags commonly used to relax browser isolation in containerized or restricted environments. If the browser processes malicious page content, weakened sandboxing can increase the blast radius of a browser compromise and is not justified by this skill's simple page-fetching purpose.

VirusTotal

VirusTotal findings are pending for this skill version.