Xianyu Auto-Publish Tool (闲鱼自动发布工具)

Security checks across malware telemetry and agentic risk

Overview

This skill can automate a live Xianyu marketplace account and includes under-disclosed listing management actions users should review before installing.

Install only if you are comfortable giving the skill browser-level access to a Taobao/Xianyu session and live listing controls. Use a dedicated account if possible, avoid anti-detection or platform-rule evasion, verify what command actually runs the included code, and confirm how to inspect and delete any saved cookies before using publish, batch publish, refresh, or unpublish actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a publishing tool, but the analysis indicates it may also support broader account automation such as login, listing retrieval, item management, and exposure-refresh actions that are not clearly disclosed in the user-facing description. This hidden or under-declared capability increases the risk of unauthorized account actions, abuse of saved session cookies, and platform-policy evasion, especially given the explicit mention of anti-detection mechanisms and local login-state persistence.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The file implements actions beyond simple publishing, including listing retrieval, detail inspection, delisting, and exposure refresh. In an automation skill whose stated scope is publishing, these extra capabilities expand the action surface and enable inventory manipulation without that broader authority being clearly disclosed, increasing the risk of misuse or unintended destructive actions.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The merchandise-management functions are not necessary for the core purpose of an auto-publisher and create unnecessary privileged capabilities over a user's marketplace account. If exposed through higher-level agent flows, these methods could be invoked to alter listings, reduce visibility, or perform account actions the user did not expect from a publishing tool.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Broad trigger phrases like '发布闲鱼' and '自动上架' can cause the skill to activate in contexts where the user did not intend full marketplace automation. Because this skill can interact with an authenticated marketplace account and persist login state, accidental invocation could lead to unintended listing publication or other account actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The unpublish method performs a destructive account action with no application-level warning, approval, or secondary confirmation beyond clicking the website's own confirmation control. In an agent setting, this makes accidental or unauthorized delisting more likely, especially if upstream prompts or workflows trigger the method without clear user review.

VirusTotal

64/64 vendors flagged this skill as clean.
