Agent Reach

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it grants broad account and internet automation powers that users should review carefully before installing.

Install only in an isolated environment after inspecting the remote package or pinning it to a reviewed commit. Do not provide primary-account browser cookies; use disposable accounts where possible, revoke sessions afterward, and require explicit confirmation before any publish, like, comment, favorite, or other account-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill is framed as an installer/configuration helper, but most of the document instructs the agent to directly use many upstream tools for reading, searching, scraping, and interacting with third-party platforms. That scope expansion increases privileges and operational reach far beyond setup, making it easier for the skill to be invoked as a general-purpose internet access and automation layer without clear guardrails.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The XiaoHongShu examples include content publication commands even though the stated purpose is only to install and enable channels. Publishing content is a materially more sensitive action than setup because it creates outbound actions on the user's behalf, enabling spam, impersonation, or unauthorized posting if the skill is triggered unexpectedly or supplied with stolen credentials.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: Broad triggers like '帮我配' ("help me configure"), '帮我添加' ("help me add"), '帮我安装' ("help me install"), and 'install channels' are likely to match ordinary user requests that are not intended to invoke a powerful internet-enablement skill. In context, accidental activation is more dangerous because the skill can install software, configure proxies, handle cookies, and enable broad upstream access.

Ssd 3

Severity: High
Confidence: 99%
Finding: The skill instructs users to export browser authentication cookies and send them to the agent, and also supports auto-extracting cookies from the local browser. Cookies are live session credentials; exposing them to an agent or tooling can allow account takeover, persistence across services, and misuse well beyond the intended platform access.

VirusTotal

VirusTotal findings are pending for this skill version.
