小龙虾-DeepSeek版

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DeepSeek-backed coding assistant, but it stores and resends conversation history, so users should avoid using it with secrets or sensitive code.

Install only if you are comfortable sending prompts and saved conversation context to DeepSeek. Clear history before sensitive work, avoid pasting API keys, proprietary code, regulated data, or incident details, and invoke the skill deliberately because its trigger phrases are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are very broad and overlap with normal software-assistance requests such as writing code, debugging, or reviewing code. That makes accidental activation likely, which is dangerous here because activation causes external transmission and retained context, potentially sending sensitive project material to a third party without the user intending to use this specific skill.

Vague Triggers

Medium
Confidence: 95%
Finding
Ambiguous continuation triggers like '继续' or '接着写' are common conversational phrases and can unintentionally resume prior sessions. In this skill, that is especially risky because the resumed session includes automatically persisted history that may be resent to the external API, causing unintentional disclosure of prior sensitive context.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that conversation history is automatically carried across turns and saved to a local history file, but does not present a clear user-facing warning that this history is persisted and then retransmitted to an external API. This can lead users to include secrets, source code, credentials, or internal discussions under the false assumption that each request is ephemeral.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill names the DeepSeek endpoint and model but does not clearly warn users that their prompts and context are sent to a third-party service. In a coding-assistant context, users commonly paste proprietary code, API keys, logs, and vulnerability details, so lack of a clear disclosure materially increases the risk of unintended data exfiltration.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill sends the full conversation history, including prior user messages, to DeepSeek's external API but does not provide any explicit notice, consent flow, or data-minimization control before transmission. In a coding assistant context, users may paste proprietary source code, secrets, credentials, or internal incident details, so silent exfiltration to a third party creates a real confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
