敏感内容处置器 (Sensitive Content Disposer)

Security checks across malware telemetry and agentic risk

Overview

This sensitive-file disposal skill is purpose-aligned overall, but it raises serious review concerns: it claims PDF redaction that does not actually remove data from the saved file, and it sends encryption passwords through external notification channels.

Install only after reviewing the implementation carefully. In particular: do not rely on its PDF redaction unless you independently verify that the output file no longer contains the sensitive text; disable the password-bearing notifications; do not send secrets through chat or email webhooks; and keep backups before using the overwrite or disposal options.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: High, confidence 99%
Finding
The tool advertises PDF redaction support, but `_redact_pdf()` only extracts text, computes a redacted version in memory, and then saves the original PDF without applying any edits or redaction annotations. In a compliance-disposal context, this creates a dangerous false sense of sanitization and can lead users to distribute documents that still contain sensitive data.
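The finding above, together with the Overview's advice to verify the output independently, calls for a check that reads the file actually written to disk rather than trusting the tool's in-memory result. The Python below is an added example written for this review, not code from the skill: it constructs a minimal one-page PDF whose content stream is FlateDecode-compressed, reproduces the reported defect in a hypothetical `naive_redact_pdf()` (clean preview in memory, original bytes saved), and then inflates every stream in the output and scans it for the sensitive pattern. The SSN regex, the sample PDF structure and all helper names are assumptions made for the demonstration.

```python
from __future__ import annotations
import re
import zlib

# Assumed sensitive-data pattern for the demo: a US SSN shape. Replace with the
# patterns the disposal job was actually supposed to redact.
SSN_PATTERN = rb"\b\d{3}-\d{2}-\d{4}\b"
# PDF stream bodies; the lookbehind keeps "endstream" from starting a match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def build_sample_pdf(text: str) -> bytes:
    """Constructed one-page PDF with a FlateDecode-compressed content stream.
    Deliberately minimal (no xref table); it exists only to feed the checker."""
    content = f"BT /F1 12 Tf 72 720 Td ({text}) Tj ET".encode("latin-1")
    stream = zlib.compress(content)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream)
        + stream + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for num, body in enumerate(objects, start=1):
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def stream_bodies(pdf: bytes) -> list[bytes]:
    """Every stream body in the file, inflated when it is zlib/FlateDecode data.
    Streams using other filters are returned raw (they may still hide text)."""
    bodies = []
    for m in STREAM_RE.finditer(pdf):
        raw = m.group(1)
        try:
            bodies.append(zlib.decompress(raw))
        except zlib.error:
            bodies.append(raw)
    return bodies


def find_residual_secrets(pdf: bytes, patterns: list[bytes]) -> list[str]:
    """Scan the raw file and every (inflated) stream for the given patterns."""
    hits: list[str] = []
    for blob in [pdf, *stream_bodies(pdf)]:
        for pat in patterns:
            for m in re.finditer(pat, blob):
                s = m.group(0).decode("latin-1")
                if s not in hits:
                    hits.append(s)
    return hits


def verify_redaction(output_pdf: bytes, patterns: list[bytes]) -> bool:
    """True only if none of the patterns survive in the written output."""
    return not find_residual_secrets(output_pdf, patterns)


def naive_redact_pdf(pdf: bytes, patterns: list[bytes]) -> tuple[str, bytes]:
    """Hypothetical reproduction of the defect in the finding (not the skill's code):
    build a redacted text view in memory, then return the ORIGINAL bytes as the
    file to save. The caller sees a clean preview and an unchanged document."""
    view = b"\n".join(stream_bodies(pdf))
    for pat in patterns:
        view = re.sub(pat, b"[REDACTED]", view)
    return view.decode("latin-1"), pdf


if __name__ == "__main__":
    original = build_sample_pdf("SSN 123-45-6789")
    preview, written = naive_redact_pdf(original, [SSN_PATTERN])
    print("in-memory preview:", preview)
    print("residual secrets in saved file:", find_residual_secrets(written, [SSN_PATTERN]))
    print("safe to distribute:", verify_redaction(written, [SSN_PATTERN]))
```

A clean result from this scan is necessary but not sufficient: PDF text can also sit in streams with other filters, in object streams, in hex string literals, split across several `Tj` operators, or encoded through a custom font map, and scanned pages carry it only as image pixels. Run the check alongside a full text extraction (or a visual render) before treating a file as sanitized, and remember that genuine redaction removes the content objects rather than drawing a box over them.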

Context-Inappropriate Capability

Severity: High, confidence 99%
Finding
The notification service includes the encryption password directly in Feishu and WeCom messages, transmitting the secret over third-party webhook channels. This defeats the purpose of protecting the file because anyone with access to the chat message, channel history, webhook sink, or logs may obtain the decryption key.

Missing User Warnings

Severity: Medium, confidence 88%
Finding
The README encourages sending notifications to Feishu and WeCom webhooks after processing sensitive files, but it does not warn that metadata about the operation, file names, or other sensitive context may be transmitted to third-party services. In a sensitive-disposal tool, omission of this privacy warning can cause users to unknowingly leak regulated or confidential information outside their controlled environment.

Missing User Warnings

Severity: High, confidence 97%
Finding
The skill offers notifications via email, Feishu, and WeChat and states that notification content may include the encryption password, but it does not provide an explicit privacy and data-handling warning. This can lead to transmission of sensitive metadata and secrets to external services, potentially exposing protected files and undermining the purpose of encryption.

Missing User Warnings

Severity: High, confidence 98%
Finding
The engine forwards `result.get('password')` into notifications automatically whenever notification channels are enabled, with no warning, confirmation, or separate authorization step. In this context, the tool handles sensitive files, so silently exfiltrating the password to outbound messaging platforms substantially increases disclosure risk.

Missing User Warnings

Severity: High, confidence 99%
Finding
Both `send_feishu()` and `send_wecom()` format outbound messages to embed the encryption password directly in the message body. This is dangerous because chat platforms, bot integrations, audit logs, and message recipients may all retain the password, enabling unauthorized decryption of the file.

Missing User Warnings

Severity: Medium, confidence 87%
Finding
The documentation explicitly instructs users to overwrite the original file with --overwrite and to send the result through a Feishu webhook after encryption, but it does not also provide warnings or verification requirements covering data loss, unrecoverable mis-operations, webhook leakage, or transmission of sensitive files outside the environment. As an operating guide for a tool that handles sensitive documents, this raises the likelihood that users perform high-risk operations without understanding the risks, leading to leakage of sensitive data or irreversible destruction of the original files.

Ssd 3

Severity: High, confidence 99%
Finding
The skill explicitly includes the encryption password in notification content sent through external channels such as email, Feishu, and WeChat. Sending the decryption secret over separate third-party messaging systems defeats the confidentiality guarantee of encryption and creates an immediate path for unauthorized access if those channels are logged, intercepted, or misconfigured.
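The Context-Inappropriate Capability finding, the three Missing User Warnings findings about `result.get('password')` and `send_feishu()`/`send_wecom()`, and the finding above all describe one defect: the decryption secret is interpolated into the outbound message body. The Python below is an added illustration for this review, not the skill's code. It shows that pattern beside a hardened builder that assembles the message from an allowlist of non-secret fields, and a pre-send gate that refuses any payload in which a secret-like value from the result still appears. The WeCom-style text payload shape, `SAMPLE_RESULT` and all function names are assumptions for the demonstration.

```python
import json
import re

# Constructed processing result, shaped like the fields the findings mention
# (result.get('password')); not taken from the skill.
SAMPLE_RESULT = {
    "file": "/srv/hr/payroll_2024.pdf",
    "action": "encrypt",
    "status": "ok",
    "password": "Tr0ub4dor&3-xyz",
}

# Only these keys may ever reach a notification. New secret-bearing keys added to
# `result` later are dropped by construction instead of leaking by accident.
NOTIFY_ALLOWLIST = ("action", "status")
# Heuristic for keys whose values must never be serialized into a webhook body.
SECRET_KEY_RE = re.compile(r"(pass(word|phrase)?|secret|token|key)$", re.IGNORECASE)


def format_wecom_message_vulnerable(result: dict) -> dict:
    """Pattern the findings describe: the password goes straight into the chat text,
    and from there into channel history, bot logs and the webhook sink."""
    text = (f"Processed {result['file']} ({result['action']}): {result['status']}\n"
            f"Password: {result.get('password')}")
    return {"msgtype": "text", "text": {"content": text}}  # assumed WeCom text shape


def format_wecom_message_hardened(result: dict, include_name: bool = False) -> dict:
    """Build the message from the allowlist only. File names are themselves metadata
    about the sensitive document, so even the basename is opt-in."""
    safe = {k: result[k] for k in NOTIFY_ALLOWLIST if k in result}
    if include_name:
        safe["file"] = result["file"].rsplit("/", 1)[-1]
    text = ", ".join(f"{k}={v}" for k, v in safe.items())
    if result.get("password"):
        text += "\nPassword: delivered out of band, not included in this message"
    return {"msgtype": "text", "text": {"content": text}}


def payload_leaks_secret(payload: dict, result: dict) -> bool:
    """Final gate before the webhook POST: True if any secret-like value from the
    result appears anywhere in the serialized payload, whatever the builder did."""
    body = json.dumps(payload, ensure_ascii=False)
    for key, value in result.items():
        if SECRET_KEY_RE.search(key) and isinstance(value, str) and value and value in body:
            return True
    return False


def message_content(payload: dict) -> str:
    """The text a recipient (or a log) would see for a text payload."""
    return payload["text"]["content"]


if __name__ == "__main__":
    for builder in (format_wecom_message_vulnerable, format_wecom_message_hardened):
        payload = builder(SAMPLE_RESULT)
        verdict = "BLOCKED" if payload_leaks_secret(payload, SAMPLE_RESULT) else "sent"
        print(f"{builder.__name__}: {verdict}\n{message_content(payload)}\n")
```

The gate is deliberately a second, independent control: the allowlist prevents the leak by construction, and `payload_leaks_secret()` catches regressions such as a future builder that formats `result` wholesale. If the password must reach a person, hand it over through a channel that is separate from the one carrying the encrypted file and is not retained in chat history.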

VirusTotal

67/67 vendors reported this skill as clean.
