企服助手一键初始化 (Enterprise Service Assistant: One-Click Initialization)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Enterprise WeChat automation/setup helper, but it needs Review because it can change installed skills automatically and asks users to handle a webhook secret with limited safeguards.

Install only if you trust the publisher and are comfortable with it modifying your local skills setup. Before use, review the dependency install script, confirm every skill it will add, and store the Enterprise WeChat webhook URL as a secret or environment variable rather than in a committed project file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The setup guidance instructs users to configure an Enterprise WeChat Webhook URL, which enables outbound messaging/integration capability not clearly disclosed in the skill manifest. Introducing a secret-bearing external endpoint increases the risk of unintended data disclosure, misuse of the webhook, or downstream message spoofing if the credential is mishandled.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill describes automatically installing eight dependency skills upon a trigger phrase, without an explicit confirmation step or clear warning that system changes will occur. This can lead to unauthorized or surprising modification of the user's environment and broadens the attack surface by pulling in multiple additional skills transitively.

Missing User Warnings

Medium
Confidence: 90%
Finding
The instructions ask users to place a sensitive Enterprise WeChat Webhook URL into a project configuration template with only minimal warning text. Without stronger handling guidance, users may store secrets in plaintext, commit them to shared workspaces, or expose them to other skills and operators with access to the knowledge directory.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script automatically copies multiple skill directories into the Skills root as part of initialization, with no visible confirmation, integrity check, or provenance validation before installation. In an agent-skill ecosystem, silent installation expands the trusted code base and can introduce unreviewed or tampered skills, making this a real supply-chain and unauthorized-change risk even if the author likely intended convenience rather than harm.

VirusTotal

64/64 vendors flagged this skill as clean.
