media-cluster

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can automatically download and run an unpinned third-party crawler, install dependencies, use logged-in social-media sessions, and send a voice summary to an external TTS service from a broad request.

Install only if you are comfortable with an agent downloading and running MediaCrawler, installing packages and browsers, logging into social platforms through QR code, and storing crawl results locally. Use a separate low-privilege social-media account if possible, review or pin the MediaCrawler commit before setup, clear cached sessions after use, and enable TTS only for summaries you are willing to send to SenseAudio.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium | Confidence: 92%

Finding
The skill description and examples are broad enough that ordinary user requests about searching or summarizing Chinese social-media content could trigger this skill unintentionally. Because activation leads to cloning a repository, creating environments, installing dependencies, launching browsers, and crawling external platforms, an over-broad match can cause high-risk side effects from a casual request.

Vague Triggers

Severity: Medium | Confidence: 96%

Finding
The skill explicitly instructs the agent to 'automatically complete the full workflow' with no further user confirmation, including environment setup, dependency installation, repository download, browser-based login, and data collection. This lack of boundaries is dangerous because ambiguous or loosely matched requests can escalate directly into code execution and external network activity on the host.

Missing User Warnings

Severity: Medium | Confidence: 93%

Finding
The script automatically clones a remote repository and installs its dependencies, including Playwright browser components, which results in network access and execution of code from external sources without an explicit trust prompt or verification step. This increases supply-chain risk because a compromised repository, dependency, or installation hook could execute unintended code on the user's system during setup.

VirusTotal

65/65 vendors flagged this skill as clean.