Zhihu Aiops

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AIOps integration skill that uses sensitive credentials for disclosed platform workflows, with no evidence of hidden execution or unrelated data sharing.

Install only if you trust the Zhihu AIOps endpoint you configure. Use least-privilege platform and SSH accounts instead of root/admin where possible, avoid pasting secrets into chat unless necessary, prefer HTTPS or protected internal network endpoints, and confirm how the backend stores SSH passwords before using OS monitor creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The document is not a read-only reference: it explicitly instructs the agent to perform real write operations such as logging in, testing connectivity, and creating monitors. For a "skill/reference" file, this feeds user-supplied host details and credentials directly into external system calls, increasing the risk of accidental operations, unauthorized actions, and mishandling of sensitive data.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The file describes itself as an asset-management assistant, but its actual workflow includes persistent write operations such as `/asset-info/create`, so its capability boundary does not match its description. This "looks like guidance, actually executes" design makes it easy for users or higher-level agents to trigger production changes without fully recognizing the risk.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill explicitly instructs operators to provide highly sensitive inputs including platform credentials and target host access details such as IP, username, and password, but it does not include strong handling guidance, masking requirements, least-privilege recommendations, or warnings about the operational risk of testing connectivity and creating monitoring assets. In an agent setting, this increases the chance that secrets are exposed in prompts, logs, transcripts, or generated scripts and that actions are taken against production systems without sufficient user awareness.

Missing User Warnings

Medium
Confidence: 97%
Finding
The document requires the user to supply an SSH username and password and then sends these sensitive credentials directly to platform endpoints in subsequent requests, but it provides no guidance on minimizing collection, protecting storage and transmission, limiting scope of use, or the associated risk. If skill logs, prompt echoes, debug output, or downstream platform handling are careless, the credentials may leak and lead to takeover of the host.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
API_URL="${ZHIHU_API_URL:-http://localhost:1024}"
TOKEN=$(curl -s -X POST "${API_URL}/admin-api/system/auth/login" \
  -H "Content-Type: application/json" \
  -d "{
    \"username\": \"${ZHIHU_USER:-admin}\",
```
Confidence: 92%
Finding
curl -s -X POST "${API_URL}/admin-api/system/auth/login" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Test SSH connectivity using the user-supplied IP, port, username, and password:

```bash
curl -s -X POST "${API_URL}/admin-api/zhihu/snmp/testConnect" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${TOKEN}" \
  -d "{
```
Confidence: 96%
Finding
curl -s -X POST "${API_URL}/admin-api/zhihu/snmp/testConnect" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TOKEN}" \ -d "{ \"userName\": \"<用户提供的用户名>\", \"monitorP

VirusTotal

64/64 vendors flagged this skill as clean.