ClawHub

热点聚合监控

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed public trending-topic aggregator that writes local reports and keyword settings, with no evidence of hidden exfiltration or destructive behavior.

Safe to install for public hotspot monitoring. Enable USE_REAL_API only when you want live network requests, review any PROXY value before use, and add the cron entry only if you want recurring reports. Remove /root/clawd/memory/hotspots and clear config.json keywords when you no longer want stored reports or subscriptions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation instructs users to run local shell scripts and set up cron jobs, but the skill declares no permissions or security-relevant capabilities. This creates a transparency and trust problem: users may invoke filesystem writes, scheduled execution, and network access without explicit declaration, increasing the risk of unintended code execution or data modification.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains very broad terms such as '热点', '热搜', '舆情', and '内容监控', which are likely to appear in ordinary user conversation. Overbroad triggers can cause the skill to activate unintentionally, leading to unexpected execution of scripts, network fetches, report generation, or notification workflows in contexts where the user did not clearly request them.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation advertises automatic report generation, keyword subscriptions, storage under /root/clawd/memory, cron-based automation, and optional push/notification behavior without clearly warning about persistent writes or outbound communications. In a skill that monitors external data sources and supports scheduled execution, undisclosed writes and notifications can surprise users and create privacy, integrity, and operational risks.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very generic phrases such as '热点', '热搜', '热榜', and '舆情', which are likely to appear in ordinary user conversations unrelated to explicit invocation of this skill. This can cause unintended activation and context capture, increasing the chance the agent routes benign discussion into the skill unexpectedly.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad, common phrases such as '热点', '热搜', '今日热点', and '热榜', which can match many ordinary user requests and cause the skill to activate unintentionally. Because this skill performs monitoring, aggregation, and subscription-related behavior, accidental invocation could lead to unwanted data collection, noisy responses, or users being enrolled into monitoring/report flows they did not clearly request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description and feature set advertise automatic report generation, keyword subscription pushing, and monitoring, but the activation scope and consent model are not defined. In practice, this ambiguity can cause the agent to overreach—starting persistent monitoring, generating scheduled reports, or enabling push-like behavior without a clear user opt-in or well-scoped request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal