Fox Agent Reach

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad web and social-platform automation guide, but it includes account-cookie use, public posting capability, and anti-bot bypass guidance without enough safeguards.

Install only if you intentionally want a broad platform automation helper and are comfortable managing sensitive account cookies. Use throwaway or limited-scope accounts where possible, do not allow posts or comments without an explicit preview and confirmation, and avoid the WeChat anti-bot bypass workflow unless you have clear permission and a compliant access path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill explicitly instructs use of a tool that 'bypasses WeChat anti-bot' protections to read articles. Even though framed as content access, guidance for circumventing platform defenses exceeds ordinary read/search behavior and can enable unauthorized or policy-violating access patterns.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list contains very broad phrases such as 'research', 'find information', and common Chinese equivalents that can cause the skill to activate in many unrelated conversations. Overbroad activation increases the chance of unexpected network access, tool execution, or platform interaction without the user's clear intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill says it should be used when a user asks to 'post, comment, or interact' on external platforms, but it does not prominently warn that these actions can make irreversible external changes using the user's accounts. That creates a risk of unintended posting or engagement if the skill is auto-invoked or the user request is ambiguous.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented XiaoHongShu publish_content call can create a live post, yet the skill provides no visible warning that it will publish to the user's account. In a broad web/search skill, embedding write-capable commands without strong consent controls raises the risk of accidental or unauthorized account activity.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
