Xigua Video mid-length video collection

Security checks across malware telemetry and agentic risk

Overview

This appears to be a read-only Xigua data lookup skill, but its instructions also point agents toward other platform API paths, so users should review it before installing.

Install only if you are comfortable giving this skill a MaxHub API key and sending video IDs, user IDs, search terms, and comment queries to www.aconfig.cn. Review or remove the Douyin/Xiaohongshu references first if you expect a strictly Xigua-only skill, and store the API key securely rather than pasting it into prompts or shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The skill claims to be a read-only Xigua assistant, but the documented downgrade mappings point to Douyin endpoints. This scope mismatch can cause the agent to transmit user queries and identifiers to a different platform/API family than advertised, undermining user expectations and increasing the risk of unintended cross-platform data access or policy bypass.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The 404 handling section includes a Xiaohongshu path example inside a Xigua skill. Even as an example, this can steer an agent toward the wrong service namespace and normalize cross-platform request construction that exceeds the skill's stated purpose.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The top-level description says the skill covers Xigua functionality, but the body mixes Douyin and Xiaohongshu interfaces. This is a scope-deception issue: users and host systems may authorize the skill for one platform while it contains instructions applicable to others, expanding external data access beyond the declared behavior.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The README's example trigger words are extremely broad ('视频,用户'), which overlap with ordinary conversational terms and can cause accidental invocation of the skill in unrelated contexts. In an agent environment, overbroad triggers increase the chance of unintended data access or tool execution, especially for a skill that queries external video, user, search, and comment data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill requires a sensitive API key and sends requests to an external service, but it does not clearly warn users that their queries and identifiers will be transmitted off-platform. In a data-query skill, this omission weakens informed consent and can expose search terms, user IDs, or video IDs to a third party unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document explicitly instructs use of a bearer token in the Authorization header but provides no warning about secret handling, storage, redaction, or least-privilege use. In an agent-skill context, this increases the chance that downstream tooling, logs, prompts, or users will mishandle the API key and expose reusable credentials.

VirusTotal

64/64 vendors flagged this skill as clean.