Feiniu Forum Sign-In

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it automates a forum daily sign-in, but it requires account credentials, Baidu OCR keys, and local session caches that users must protect.

Install only if you are comfortable giving this skill your forum password and Baidu OCR API keys, sending CAPTCHA images to Baidu OCR, and storing forum cookies/OCR tokens locally. Use dedicated credentials if possible, keep config and cache files out of shared folders and source control, review any cron schedule you enable, and delete cached files plus rotate credentials when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill’s stated purpose is forum sign-in/status automation, but it also includes CAPTCHA-solving via Baidu OCR and token management. CAPTCHA bypass introduces an unstated anti-abuse circumvention capability and sends challenge content to a third party, which expands functionality and risk beyond what a user would reasonably expect from the description.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This code sends CAPTCHA images to Baidu OCR to automatically solve login challenges, which is an unjustified third-party capability relative to the declared sign-in task. That creates both privacy risk and a mechanism to circumvent protections intended to limit automated logins, making the skill more dangerous in context.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Requiring Baidu OCR API credentials introduces an additional third-party data flow and expands the trust boundary beyond what a simple forum sign-in skill would normally need. In context, this is more dangerous because it may send CAPTCHA or other login-related content to an external service, creating unnecessary exposure of user activity and secrets-adjacent authentication material.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation mentions local files for config, cookies, and token caches, but does not explicitly warn that credentials, session cookies, and OCR tokens may persist on disk. Persistent storage of authentication material increases the risk of credential theft, session hijacking, accidental commit to source control, or leakage from backups/shared workspaces.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persists authenticated session cookies to a local JSON file, allowing anyone with filesystem access to reuse the forum session without re-entering credentials. Storing session material unencrypted and without warning increases the chance of account compromise on shared or weakly secured systems.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code caches Baidu OCR access tokens on disk without explicit notice, which exposes authentication material for the OCR service to local compromise. While this is less severe than storing primary credentials or forum session cookies, unauthorized reuse could enable abuse of the linked OCR account or quota consumption.

Unpinned Dependencies

Low
Category
Supply Chain
Content
}
  },
  "dependencies": {
    "axios": "^1.13.6",
    "cheerio": "^1.2.0",
    "tough-cookie": "^6.0.0"
  }
Confidence
84% confidence
Finding
"axios": "^1.13.6"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "axios": "^1.13.6",
    "cheerio": "^1.2.0",
    "tough-cookie": "^6.0.0"
  }
}
Confidence
84% confidence
Finding
"cheerio": "^1.2.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.13.6",
    "cheerio": "^1.2.0",
    "tough-cookie": "^6.0.0"
  }
}
Confidence
84% confidence
Finding
"tough-cookie": "^6.0.0"

Known Vulnerable Dependency: axios==1.13.6 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-42037 (Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in f) +7 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
axios==1.13.6

VirusTotal

64/64 vendors flagged this skill as clean.
