Weibo Public Opinion Data Collection

Security checks across malware telemetry and agentic risk

Overview

This Weibo data skill is mostly read-only and disclosed, but it includes unrelated Douyin/Xiaohongshu routing instructions and broad social-profile collection features that deserve review before installation.

Install only if you are comfortable sending your MaxHub API key and Weibo queries to aconfig.cn. Review or remove the unrelated Douyin/Xiaohongshu fallback instructions before use, avoid supplying platform session cookies unless necessary, and use the user/profile/social-graph endpoints only for legitimate analysis with consent or another appropriate basis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence (Medium, 95% confidence)

Finding: The skill is presented as a Weibo-only read-only assistant, but its downgrade logic instructs the agent to use unrelated Douyin and Xiaohongshu paths. This creates a scope-confusion flaw: an agent following these instructions may access unintended APIs, mishandle parameters across platforms, or transmit user queries and credentials to endpoints outside the declared skill boundary.

Description-Behavior Mismatch (Medium, 91% confidence)

Finding: The metadata and description describe a Weibo-only assistant, but the operational instructions include behavior for Douyin and Xiaohongshu. This mismatch weakens trust boundaries and can cause agents or users to underestimate what external services or datasets the skill may actually touch.

Vague Triggers (Medium, 82% confidence)

Finding: The trigger signals include very generic words such as 'find', 'show me', 'detail', 'info', and similar broad terms. Overbroad activation can cause the skill to engage on ambiguous requests, leading to unintended external API calls and unnecessary transmission of user data to the third-party provider.

Vague Triggers (Low, 76% confidence)

Finding: Defaulting uncertain requests to the Search path creates an unsafe fallback because ambiguous user input is automatically converted into an external search action. This increases the chance of accidental data disclosure or unintended API usage when the user's intent is unclear.

Missing User Warnings (Medium, 80% confidence)

Finding: The file instructs use of a bearer API key for network access but provides no guidance on secret handling, transmission boundaries, or logging restrictions. In agent environments, that omission increases the risk that credentials are echoed, stored in prompts, or sent to unintended destinations during troubleshooting or orchestration.

Missing User Warnings (Medium, 90% confidence)

Finding: The document instructs callers to send an Authorization bearer token to an external host but does not include any user-facing warning about transmitting a sensitive credential off-platform. In an agent skill context, this increases the chance that operators unknowingly expose API keys to a third-party service, which can lead to misuse of the credential or unintended data-sharing assumptions.

Missing User Warnings (Medium, 82% confidence)

Finding: The file documents APIs for profile lookup, followers, following, search, albums, and activity feeds without any prominent privacy, acceptable-use, or sensitivity guidance. In a social-media intelligence skill, this lowers friction for bulk people-tracking, profiling, and relationship mapping, increasing the risk of privacy abuse even if the underlying data is nominally platform-accessible.

VirusTotal

49/49 vendors flagged this skill as clean.