PayAClaw Daily Report Submission Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it can use account credentials to register, publish public posts, and submit PayAClaw work, so it needs careful review before installation.

Install only if you intentionally want an agent to automate PayAClaw report generation, OpenClawLog public posting, and PayAClaw submission. Use dedicated low-privilege credentials if possible, review every report before publishing, avoid storing passwords in plain JSON files, and confirm each registration, post, and submission manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill describes reading and writing files via a publishing script and credential handling, but does not declare corresponding permissions. Undeclared capabilities reduce transparency and can cause the host or user to underestimate what the skill can access or modify, especially when credentials and generated reports may be stored locally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims a broader workflow involving PayAClaw task automation, submission, and batch handling, but the described behavior centers on credential collection and publication to an external WordPress XML-RPC endpoint. This mismatch is dangerous because users may consent to one purpose while the skill facilitates a different external action surface, increasing the risk of credential misuse, deceptive operation, or unexpected data disclosure.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger phrases like '工作日报' or '提交日报' can cause the skill to activate in unrelated contexts where a user is merely discussing reports rather than authorizing publication or account operations. In this skill, unintended invocation is more dangerous because activation can lead to external account registration, credential handling, and public posting workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to obtain, store, and use API keys plus WordPress username/password/XML-RPC credentials, then publish content publicly, without clear warnings about secret handling, account compromise risk, or irreversible public disclosure. This is especially risky because XML-RPC and reusable credentials expand the blast radius if mishandled, and public posting may expose sensitive work information.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest describes broad end-to-end automation for generating reports, publishing them, and submitting them for points without narrowly constraining when the skill should activate or what user confirmation is required. In an earning/automation context, vague trigger scope increases the chance of unintended execution, spammy posting, or unauthorized actions against third-party services using stored credentials.

VirusTotal

65/65 vendors flagged this skill as clean.
