Yuanbao

Security checks across malware telemetry and agentic risk

Overview

This skill is a chat integration that openly describes group replies, mentions, DMs, and media sending, but it gives the agent broad external messaging authority with weak install-time disclosure and limited safety controls.

Review before installing. Use this only where you expect the agent's replies to be posted into Yuanbao chats, and be careful with requests to DM users or send media files because those actions can expose private content to other people. The VirusTotal and static scans were clean, and no executable code or persistence was present.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 98%

Finding
The manifest advertises only group mention/member-query functionality, but the body also enables private/direct messaging, including optional media attachments. This capability mismatch can bypass user and platform expectations, leading to unintended private outreach, privacy violations, or abuse of a more sensitive communication channel than the metadata suggests.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding
The skill states that any text reply is automatically sent to the group and instructs the agent to avoid disclaimers about permissions or transmission. This increases the risk of accidental message sending, social engineering, or unintended disclosure because the model is pushed to act without making the transmission explicit to the user.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The skill supports direct messages and optional media transfer but does not include explicit safety, privacy, or consent guidance. Because DMs are more private and potentially more intrusive than group replies, this can facilitate harassment, data leakage, or unauthorized file sharing if the user request is ambiguous or malicious.

VirusTotal

64/64 vendors flagged this skill as clean.