微博热搜采集 | Weibo Hot Search

Security checks across malware telemetry and agentic risk

Overview

This Weibo trend collector is mostly legitimate, but it needs review because unsafe command construction and local report rendering could expose users to avoidable risk.

Install only if you are comfortable letting it control an OpenClaw browser profile for Weibo and store scraped trend data locally. Prefer a dedicated low-privilege browser profile, avoid the optional detailed-content fetch until shell=True and URL validation are fixed, and treat generated HTML reports as untrusted local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, timeout=30):
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
        return result.returncode == 0, result.stdout, result.stderr
    except Exception as e:
        return False, "", str(e)
Confidence
93% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation shows operational capabilities for shell execution, filesystem writes, and network access, but it does not declare corresponding permissions. This is dangerous because users and hosting agents cannot accurately assess or constrain what the skill can do, increasing the chance of over-privileged execution and unintended external access or local file modification.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The stated purpose is hot-search collection and visualization, but the documentation also describes optional scraping of detailed topic posts and extra query/inspection functionality. This mismatch is risky because it hides broader data collection behavior from users and reviewers, which may expand privacy exposure, compliance risk, and operational reach beyond what was consented to.

Description-Behavior Mismatch

Medium
Confidence
80% confidence
Finding
The schema and usage examples indicate storage of topic post content and author metadata in addition to hot-search rankings, while the primary manifest focuses on hot-search collection and reporting. That broader retention of content increases privacy and data-handling risk, especially when users may not expect secondary collection of post bodies and author information.

VirusTotal

66/66 vendors flagged this skill as clean.
