Kuaishou Short Video Collection

Security checks across malware telemetry and agentic risk

Overview

This is mostly a read-only Kuaishou data skill, but it contains unexpected cross-platform fallback routes and weak controls around API-key and user-data handling.

Review before installing. Use this only if you intend to send Kuaishou identifiers, links, search terms, and related profile/video data to MaxHub at aconfig.cn. Keep MAXHUB_API_KEY secret, avoid storing it in shared repositories or logs, and be aware that the skill currently contains Douyin fallback routes that do not match its Kuaishou-only description.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The skill’s security declaration asserts it is a Kuaishou-only, read-only assistant, but the documented fallback behavior includes unrelated Douyin/Xiaohongshu routes. That inconsistency undermines user trust and can cause unintended cross-platform requests, potentially sending user queries and authenticated requests to APIs outside the declared scope.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The execution and downgrade paths include Douyin/Xiaohongshu API routes even though the skill is presented as a Kuaishou assistant. This can lead the agent to invoke the wrong service, causing data exfiltration to unintended endpoints, scope creep beyond user expectations, and misuse of the provided API key.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The example prompts are extremely generic terms such as "视频", "用户", "搜索", and "直播", which are common in normal conversation and do not define a clear invocation boundary for the skill. In an agent ecosystem, this can cause unintended activation or routing to this skill when a user is speaking generally about videos, users, search, or live content, potentially leading to unnecessary external API calls and exposure of user queries to a third-party service.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The example trigger words are extremely broad everyday terms like '视频', '用户', '搜索', and '直播', which can overlap with normal conversation and cause the skill to activate unintentionally. In an agent environment, accidental invocation can lead to unintended external API calls, disclosure of queried content to a third-party service, and user confusion about why the skill was used.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The README instructs users to configure an API key but does not warn that the key is a sensitive secret that must not be committed, logged, or shared. This omission increases the chance that users expose the credential in shell history, screenshots, source control, or chat transcripts, which could allow unauthorized use of the third-party API.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation requires a bearer token and describes user-data retrieval endpoints, but it provides no warning about secure API key handling, least-privilege usage, or privacy obligations when accessing user-related data. In an agent skill context, this increases the chance that integrators will mishandle credentials or collect personal data without appropriate safeguards, leading to unauthorized access or privacy violations.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The user profile lookup endpoint enables retrieval of identifiable user information and even encourages repeated requests until success, yet the documentation does not warn about privacy sensitivity, rate limiting, consent, or misuse risks. In this skill's context, that omission makes automated collection or scraping of user profiles more likely and can facilitate privacy abuse at scale.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs callers to send user-provided identifiers and URLs/share text to an external third-party service but does not warn that this transmits potentially sensitive user content off-platform. In an agent context, this can lead to unintended data disclosure, especially when users paste private links, identifiers, or share text without understanding that it will be forwarded to https://www.aconfig.cn.

VirusTotal

63/63 vendors flagged this skill as clean.