Douban CLI

Security checks across malware telemetry and agentic risk

Overview

The skill's stated purpose (a command-line client for Douban) is coherent, but it warrants a Review verdict because it reads browser login cookies and can make visible changes to a user's Douban account without any documented confirmation guardrails.

Install only if you trust the npm package and are comfortable with it reading local browser cookies to access Douban. Use explicit confirmation before login, export, batch operations, marking, rating, commenting, reviewing, following, or unfollowing, and run logout or remove the auth cache when you no longer want stored login state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger list contains broad consumer phrases like '电影推荐', '好书推荐', and '演员导演', which are likely to match ordinary conversation and cause the skill to invoke unexpectedly. Because this skill can access browser cookies and perform authenticated actions such as marking, rating, exporting records, and following users, accidental invocation increases the chance of unintended privacy-sensitive or account-affecting operations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill declares browser-cookie access for login-state extraction but does not prominently warn users that it will read cookies from local browsers or explain the privacy implications. This matters because browser cookies are sensitive authentication artifacts: a user who authorizes the skill may not realize it will access locally stored login material that grants full access to their account.

VirusTotal

66/66 vendors flagged this skill as clean.
