Threads社媒数据采集 (Threads Social Media Data Collection)

Security checks across malware telemetry and agentic risk

Overview

This Threads data skill is mostly read-only, but it contains unrelated Douyin/Xiaohongshu routing guidance that does not fit its stated Threads-only purpose.

Install only if you trust MaxHub/aconfig.cn with your Threads search terms and API key. Review the unrelated Douyin/Xiaohongshu fallback instructions before use; they should be removed or constrained so the agent only calls Threads endpoints under the documented base URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill is presented as a Threads-only assistant, but it includes downgrade mappings and path examples for unrelated Douyin/Xiaohongshu-style endpoints. This inconsistency can cause the agent to send user queries to unintended services or invoke the wrong API families, undermining user expectations, data handling boundaries, and safe tool routing.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The security declaration claims the skill performs only read-only Threads queries, yet later instructions reference unrelated platform endpoints and workflows. This creates a misleading trust signal that may cause users or agents to overlook broader data transmission and routing behavior, especially because the 'safe' declaration itself should be treated with suspicion when contradicted elsewhere.

Vague Triggers

Medium
Confidence: 84%
Finding
The example trigger words are extremely broad (e.g., generic terms like '帖子,用户' (post, user) and '搜索,搜' (search)), which can overlap with ordinary conversation and cause the skill to activate unintentionally. In a data-query skill that can issue external API requests, false activations can leak user intent, consume API quota, and produce unexpected data retrieval without clear user consent.

Vague Triggers

Medium
Confidence: 83%
Finding
The intent-routing triggers are broad and overlapping, with weak exclusion boundaries between Post & User, Search, and Deep Dive. In practice, ambiguous routing can cause the agent to select more expansive workflows than the user intended, increasing unnecessary data exposure to the third-party API and reducing predictability of tool behavior.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill description does not clearly and prominently warn that user queries will be sent to a third-party service for processing. Users may reasonably assume local handling or first-party processing, so the lack of explicit disclosure creates a privacy and consent risk when sensitive search terms, usernames, or content analysis requests are transmitted externally.

Missing User Warnings

Medium
Confidence: 82%
Finding
The documentation explicitly instructs use of a bearer token in the Authorization header but does not warn that the key is a secret, should not be logged, and must only be sent to the trusted base URL over HTTPS. In an agent-skill context, this omission can lead to accidental credential exposure through logs, prompts, screenshots, copied examples, or transmission to unintended hosts if orchestration is misconfigured.

VirusTotal

VirusTotal findings are pending for this skill version.