ClawHub

Hotspot Aggregator

Security checks across malware telemetry and agentic risk

Overview

The skill’s hotspot-monitoring purpose is coherent, but its broad auto-triggers and persistent scheduled reporting need clearer user control and disclosure.

Review the scripts and any cron setup before installing. Use it only if you are comfortable with scheduled network-based trend monitoring and local storage of reports/subscriptions; narrow activation phrases where possible, set retention/deletion expectations for /root/clawd/memory/hotspots, and avoid monitoring sensitive people, brands, or topics unless that persistence is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation instructs users to run local shell scripts and use cron, but the skill declares no permissions. This creates a transparency and trust problem: an agent or user may invoke shell-capable behavior without an explicit permission boundary, increasing the chance of unexpected command execution or filesystem/network access.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad everyday terms like '热点', '热搜', and '舆情', which are likely to appear in normal conversation. This can cause accidental activation, leading the agent to run monitoring/reporting workflows, fetch external data, or write reports when the user did not explicitly intend to invoke this skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that reports are written to /root/clawd/memory/hotspots and supports persistent keyword subscriptions, but it does not clearly warn users about on-disk storage and retention. Stored reports and subscription terms may reveal user interests, monitoring targets, or sensitive brand/person tracking data if other local users, tools, or processes can access them.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains many generic, high-frequency phrases such as '热点', '热搜', '热榜', and platform-specific hot-search terms that can match ordinary user requests not clearly asking to invoke this specific skill. In an agent ecosystem, overly broad triggers can cause unintended skill activation, routing user content into this skill without clear user intent, which may lead to confusion, unexpected network access, or undesired content aggregation behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal