Weibo Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for Weibo posting, but it can publish public content from an authenticated account and includes cleanup commands that may delete shared temporary/browser files without a clear approval gate.

Install only if you want an agent to publish to Weibo from your logged-in browser session. Before each post, confirm the active account, exact text, attached images, and final Send action. Review cleanup commands carefully and limit them to files created for the current post; avoid broad deletion of browser media or shared upload directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The workflow includes shell-based local file operations (`cp`) that go beyond the core browser automation task of publishing to Weibo. Even though the example is framed as image preparation, instructing an agent to manipulate local files expands capability scope and can normalize arbitrary host-side command execution, especially if paths become user-influenced.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The examples rely on `exec` for timing and cleanup (`sleep`, later deletion), introducing arbitrary command execution into a skill whose stated purpose is browser-based publishing. Once `exec` is part of the documented workflow, it increases the chance that future prompts or parameter substitutions can be abused for unintended host command execution.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The cleanup guidance tells the agent to delete files under `~/.openclaw/media/browser/`, which is broader than the Weibo publishing task and may affect unrelated browser artifacts. This crosses task boundaries and can destroy forensic, debugging, or user-relevant data if executed automatically.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill directs the agent to delete files from shared temporary and browser-media directories as part of normal operation, but provides no safeguards such as confirming ownership, restricting deletion to files created during the current run, or requiring user approval. In an automation context, this can cause unintended data loss by removing unrelated uploads or screenshots that may still be needed for auditing, debugging, or other tasks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The markdown presents destructive cleanup commands as a required step without warning about deletion scope, side effects, or the need to verify file ownership. Users or agents may execute these commands blindly, causing loss of unrelated data in shared temp or browser-media directories.

VirusTotal

64/64 vendors flagged this skill as clean.
