Security audit

Hotspot Aggregator

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised hotspot aggregation and local report generation, with optional web fetching and local storage that are mostly disclosed.

Install only if you are comfortable with local reports and keyword lists being retained under /root/clawd/memory/hotspots. Leave real API mode off unless you want the machine to contact the listed trend APIs, and only add the cron entry if you want ongoing daily runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding:
The skill advertises hotspot aggregation and keyword subscription push, but the documented behavior includes fixed-path filesystem writes, config mutation, and outbound API access that are not clearly disclosed as operational side effects. This mismatch is dangerous because users may invoke the skill expecting passive analysis while it performs network activity and persistent local writes, reducing informed consent and increasing the chance of unsafe deployment in sensitive environments.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The description highlights automatic report generation and subscription-style behavior without clearly warning that the skill writes reports to disk and may perform outbound network activity when real APIs are enabled. This lack of transparency can lead users to unknowingly permit persistence and external data transfers, which is especially problematic on shared or production hosts.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The trigger list is broad and composed of common topical phrases such as '热点', '热搜', and platform-specific trending terms that users may mention in ordinary conversation. This can cause unintended skill activation and data retrieval/reporting behavior when the user did not explicitly request this skill, increasing the chance of prompt-routing mistakes and misuse in a monitoring/content context.

Missing User Warnings

Severity: Medium
Confidence: 72%
Finding:
When real-API mode is enabled, the script makes outbound requests to external services and persists the returned content under /root without any explicit consent, warning, or storage controls. In an agent or automation context, this can unexpectedly transmit environment-derived metadata such as proxy usage and leave persistent artifacts on disk, increasing privacy and operational risk.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger list includes broad generic terms like '热点', '热搜', '热榜', and 'hotspot', which are likely to match many ordinary user requests and cause accidental activation. In a skill that aggregates trending topics and monitoring reports, unintended invocation can expose user intent, create noisy routing, and trigger actions when the user did not explicitly ask for this skill.

VirusTotal

54/54 vendors flagged this skill as clean.
