Complete Literature Search and Download Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill has a real academic-paper workflow, but it also reuses a logged-in browser session, posts to Ablesci, downloads files, and creates recurring monitoring jobs without strong consent gates.

Install only if you intentionally want full paper-search and download automation. Use a dedicated browser profile for Ablesci, require confirmation before every Ablesci post and cron job, verify the dependent literature-search skill before subprocess use, keep download/progress paths private, and remove the recurring monitor when the task is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to extract CSRF tokens and broad ablesci.com cookies from the browser in order to act on behalf of the logged-in user. That is credential handling and session reuse beyond ordinary literature search, and if misused or over-scoped it can enable unauthorized account actions or leakage of authenticated session data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The cron-based autonomous monitoring, downloading, status updates, and notifications create a standing automated capability that persists beyond the user's immediate request. In a skill with filesystem, browser, cron, and subprocess permissions, this increases risk of unintended actions, repeated access to third-party services, and unattended downloads or account interactions.

Vague Triggers

Severity: High
Confidence: 89%
Finding
The trigger description is broad enough to match common conversational phrases about finding papers, which can cause accidental activation of a high-permission skill. Because the skill can browse, write files, run subprocesses, and schedule cron tasks, mis-triggering materially increases the chance of unwanted external access and side effects.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill describes automatic downloads, file writes, periodic monitoring, and optional notifications without a clear risk disclosure or explicit informed consent step. Users may not realize that the agent will create persistent jobs, interact with authenticated web sessions, and save files automatically, which makes unintended or privacy-impacting behavior more likely.

Vague Triggers

Severity: High
Confidence: 96%
Finding
The manifest description includes broad natural-language triggers such as requests to find literature, download papers, or search academic materials, which can overlap with ordinary conversation and cause the skill to activate unexpectedly. Because this skill has powerful permissions including browser control, filesystem write, cron, and subprocess, accidental invocation could lead to unauthorized downloads, scheduled tasks, or local side effects beyond the user's intent.

VirusTotal

64/64 vendors flagged this skill as clean.