Remote Dispatch — Multi-Device Remote Collaboration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote-control skill, but it exposes screenshots, clipboard contents, window actions, and file/app opening through broad message triggers without an enforced authorization or confirmation boundary.

Install only if you intend to let a trusted QQBot workflow control this machine. Before using it, add or verify sender authentication, require a strict command prefix, enforce the [远程] ("remote") marker, require confirmation for screenshots, clipboard reads, window closing, and file actions, and avoid using it on systems where the screen or clipboard may contain passwords, tokens, private messages, or business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script is described as handling remote QQ commands, but it accepts any CLI text and computes an is_remote flag without ever enforcing it. In the context of a remote desktop dispatch skill, this means any upstream component or local caller can trigger sensitive actions like screenshots, clipboard reads, browser actions, and window control without an explicit trust boundary or authentication gate.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill uses broad natural-language triggers like '帮我截个屏' ("take a screenshot for me") and '关掉那个窗口' ("close that window"), which are easy to match accidentally in ordinary conversation. In a remote-control context, ambiguous phrases can cause unintended screenshots, window actions, or file opens, increasing the risk of privacy leaks or destructive actions without deliberate operator intent.

Missing User Warnings

High
Confidence: 92%
Finding
The skill advertises screenshot return and clipboard-return behavior but does not present a prominent privacy warning at the point where these features are described. This is dangerous because the feature directly transmits sensitive local state to a remote chat channel, and users may underestimate the exposure of credentials, personal messages, documents, or other on-screen data.

Missing User Warnings

Medium
Confidence: 94%
Finding
Clipboard contents often contain passwords, tokens, private messages, or other secrets, and this function exposes them for return without confirmation, masking, or policy checks. In a remote-dispatch skill specifically designed to relay commands from messaging inputs, this creates a straightforward secret-exfiltration primitive.

Missing User Warnings

Medium
Confidence: 92%
Finding
Screenshot capture can expose on-screen secrets such as emails, chats, MFA codes, financial data, and internal documents, and this function offers no consent, minimization, or warning controls. Because this skill is meant for remote operation, the risk is elevated: an unauthorized or spoofed command can silently turn the host into a visual surveillance endpoint.

Ssd 3

High
Confidence: 97%
Finding
Returning clipboard contents to a remote chat channel is a direct exfiltration path for highly sensitive data such as passwords, API keys, MFA codes, and personal information. Because the trigger is phrased in ordinary language, a remote sender or compromised bot workflow could retrieve secrets with minimal friction.

Ssd 3

High
Confidence: 97%
Finding
The workflow explicitly instructs the system to read and send back clipboard contents, normalizing sensitive data exfiltration as a standard feature. In a remote desktop-control skill, this creates a high-risk channel for disclosure of confidential business data and personal secrets to an external messaging service.

Ssd 3

Medium
Confidence: 90%
Finding
A screenshot-and-return flow triggered by ordinary conversational phrasing can expose whatever is currently visible on the screen, including emails, internal documents, credentials, or chats. The risk is amplified because the action sends the captured image off-device to a remote messaging channel rather than keeping it local.

VirusTotal

64/64 vendors flagged this skill as clean.
