ClawHub

Init User

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for paper-kb onboarding, but it requires a highly privileged Gitea administrator token and handles integration identifiers in ways users should review before installing.

Install only if you administer the target Gitea server and are comfortable giving this skill a site-admin token. Use HTTPS for GITEA_URL, store the token in a protected secret store or tightly controlled .env, avoid committing .env, rotate the token if exposed, and review who can read the system-config users.json repository because it stores Feishu and user mapping data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The registration flow persists Feishu app_token and table_id into long-lived user records, which increases the exposure window for identifiers that may grant access to external Feishu resources. In this skill context, the data is centrally stored in a system mapping table and later reused, so compromise of that store or over-broad read access could leak tenant-specific integration details and enable unauthorized access or targeting.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The update-feishu path returns feishu_app_token and feishu_table_id directly in stdout JSON, which may be captured by orchestrator logs, shell history wrappers, or downstream telemetry. In an agent skill environment where stdout is explicitly consumed by another system, echoing sensitive identifiers materially increases the chance of inadvertent disclosure.

Credential Access

High
Category
Privilege Escalation
Content
# paper-kb / init_user 环境配置
# 复制本文件为 .env 并填入真实值

# Gitea 服务器地址(注意确认是哪台服务器!末尾不要带斜杠)
GITEA_URL=http://43.156.243.152:3000
Confidence
74% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Gitea 服务器地址(注意确认是哪台服务器!末尾不要带斜杠)
GITEA_URL=http://43.156.243.152:3000

# 机器人账号的 Access Token
# 要求:该账号必须是 Gitea 站点管理员(管理后台→用户管理→勾选"是管理员")
# Token 权限范围:repo 读写、admin 写、user 读
GITEA_ADMIN_TOKEN=在这里填入token
Confidence
98% confidence
Finding
Access Token

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
python-dotenv>=1.0
Confidence
95% confidence
Finding
requests>=2.28

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
python-dotenv>=1.0
Confidence
95% confidence
Finding
python-dotenv>=1.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
86% confidence
Finding
python-dotenv

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal