ClawHub Chinese Skill Query

Security checks across malware telemetry and agentic risk

Overview

This is a public ClawHub search helper with an optional, disclosed daily notification feature that users should enable deliberately.

For normal one-time searches, this skill only queries public ClawHub data. Before enabling daily reports, confirm the schedule, recipient/channel, and how to list or remove the cron job so recurring messages do not continue unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill’s stated purpose is an on-demand query for newly uploaded Chinese skills, but it also instructs the agent to create persistent cron jobs that proactively push results to a user channel. This expands behavior from user-requested retrieval into ongoing autonomous messaging, which can enable unwanted persistence, spam, or monitoring beyond the original request if delivery targets are misconfigured or user consent is unclear.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill grants broad cron-management capabilities including add, update, remove, list, and run, plus delivery targeting to user channels, even though its main purpose is simply filtering Chinese-language skills from a webpage. That excess capability increases the risk of abuse, accidental reconfiguration, unauthorized message delivery, or persistence mechanisms that are not necessary for the core task.

VirusTotal

66/66 vendors flagged this skill as clean.
