皮皮虾社区数据采集 (PiPiXia Community Data Collection)

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a PiPiXia data-query assistant, but its own docs include metric-changing, generic short-link, and cross-platform fallback behavior that does not fit the claimed read-only scope.

Review this skill before installing. Only use it if you trust MaxHub/aconfig.cn with your API key, are comfortable with PiPiXia user/post/comment data retrieval, and can avoid or remove the documented view-count and arbitrary short-link behavior. The publisher should narrow endpoints to PiPiXia, remove cross-platform fallbacks, and make the read-only claim match the actual capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The skill is presented as a PiPiXia-only assistant, but its documented fallback and error-handling logic references Douyin and Xiaohongshu endpoints. This inconsistency can cause cross-platform requests outside the declared scope, increasing the chance of unintended data access, misrouting, and user/operator misunderstanding about what services the skill may contact.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The security declaration claims the skill is strictly read-only, but the documentation explicitly supports POST requests and tool scenarios including 'increase count'. Even if some POSTs are nominally analytical, the mismatch weakens trust boundaries and may enable state-changing or manipulation-capable operations under a false read-only label.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The documented API surface includes a state-changing operation to increase a post's view count even though the skill is presented as a data query assistant. This creates a mismatch between expected read-only behavior and actual capabilities, which could enable deceptive automation, metric manipulation, or unintended side effects when an agent is invoked for 'queries'.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The documented `fetch_short_url` endpoint explicitly allows shortening an arbitrary `original_url` ('可以是任意链接', i.e. "can be any link"), which extends the skill beyond PiPiXia data querying into generic link redirection. That can enable phishing, tracking, or policy evasion if an agent exposes this capability without strict domain allowlisting or user warnings, especially because shortened links obscure the final destination.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The example trigger words are extremely generic terms such as '作品' (post/work), '用户' (user), '搜索' (search), and '热搜' (trending searches), which can easily overlap with normal conversational language. In an agent environment, this raises the chance of unintended skill activation and accidental API calls or data retrieval, especially because the skill exposes broad querying capabilities over user/content data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The file documents authenticated access using a bearer token and exposes user-centric endpoints such as follower lists, following lists, user info, and post/comment retrieval, but provides no warning about privacy, authorization scope, or handling of potentially sensitive account data. In an agent setting, this omission can lead users to authorize broader data access than they realize and increases the risk of privacy misuse or over-collection.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The file instructs use of a bearer token for an external base URL but gives no warning that credentials will be sent to a third-party service. In agent ecosystems, missing disclosure and handling guidance can lead to accidental secret exposure, misuse of privileged API keys, or users unknowingly authorizing data access to an external provider.

VirusTotal

VirusTotal findings are pending for this skill version.