Taiji Topo File Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Taiji download helper, but users should supervise the local file move/rename step.

Install only if you want an agent to operate your current Chrome session on a.taiji.woa.com and save downloaded files under Downloads. Avoid other active Chrome downloads while using it, confirm the target file name, and review the destination before running the shell rename step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The skill is presented as a browser workflow for downloading files from a web UI, but it also instructs local post-download filesystem operations including directory creation, file moving, and renaming. That expands the trust boundary from webpage automation into host-side file modification, which can overwrite user expectations, affect local data handling, and create risk if task inputs like file names or topology names are unsafe or attacker-controlled.

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The shell snippet performs local file manipulation beyond simple page automation, including selecting a file from ~/Downloads using a glob and moving it into a new path. This is risky because it assumes the latest Chrome temp file belongs to the intended download and because untrusted variables may influence destination paths or filenames, leading to misplacement or unintended modification of local files.

Missing User Warnings

Medium (94% confidence)
Finding
The instructions direct the agent to modify the local filesystem by creating directories and moving/renaming downloaded files, but they do not warn the user that local data will be changed. Silent host-side modification reduces informed consent and can cause accidental data loss, confusion, or interference with existing files and workflows.

VirusTotal

62/62 vendors flagged this skill as clean.
