Security audit

ByteTech

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent ByteTech article-fetching purpose, but it needs review because it reuses a logged-in browser session and can inspect or save sensitive authenticated network and document data without strong user-control guardrails.

Install only if you intentionally want an agent to use your logged-in Chrome/Feishu access for ByteTech. Prefer a dedicated browser profile, avoid unrelated logged-in sessions, do not allow full header/body dumps unless necessary, and fetch full document bodies only for specific articles you choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability (severity: Medium, confidence: 90%)

Finding: The skill's stated purpose is ByteTech article extraction via Chrome DevTools, but it additionally instructs use of lark-cli to fetch Feishu documents as the user. That expands scope from article metadata retrieval into direct access of linked documents, which may expose separate authenticated content and increases the chance of over-collection beyond what the user expected.

Context-Inappropriate Capability (severity: Medium, confidence: 87%)

Finding: The API reference includes login-check and component-auth endpoints and promotes interface exploration beyond simple article retrieval. In a skill that reuses authenticated browser state, documenting auth-related endpoints and encouraging exploration can facilitate unintended probing of internal APIs and disclosure of authentication-related data.

Context-Inappropriate Capability (severity: Medium, confidence: 91%)

Finding: The documented scope goes beyond the stated purpose of retrieving article metadata, catalog structure, and content. Including login-state inspection, team ranking, hotwords, label-tree enumeration, and Lark auth expands the agent's reachable capability surface and can enable unnecessary collection of user/account and organizational data when the skill already relies on a live logged-in browser session.

Context-Inappropriate Capability (severity: Medium, confidence: 97%)

Finding: Publishing OAuth client details and example authentication cookies is sensitive because this skill operates through Chrome DevTools MCP and reuses the user's local authenticated session. Even if the values are examples, documenting auth artifacts normalizes handling credentials and may encourage collection, replay, or leakage of session material unrelated to the user task.

Vague Triggers (severity: Medium, confidence: 84%)

Finding: The trigger phrases include broad terms like '技术文章' (roughly "technical article") and '整理 bytetech' (roughly "organize bytetech"), which can cause the skill to activate in situations where the user did not intend authenticated browser-assisted extraction. Because this skill can reuse local Chrome login state and inspect network data, accidental invocation materially raises privacy and security risk.

Missing User Warnings (severity: High, confidence: 96%)

Finding: The description says the skill connects to the user's local Chrome and reuses login state, but it does not present this as a prominent warning or obtain explicit consent. Reusing authenticated browser context can expose private articles, account-linked metadata, cookies, and other session-derived data, so lack of front-loaded disclosure is a significant safety issue.

Missing User Warnings (severity: High, confidence: 95%)

Finding: The instructions tell the agent to capture network requests and inspect full headers and bodies from an authenticated browser session, but do not require warning or consent first. Network captures can contain cookies, bearer tokens, CSRF values, internal API responses, and personal data, making this far more sensitive than ordinary page scraping.

Missing User Warnings (severity: High, confidence: 97%)

Finding: The skill explicitly documents which cookies are used for authentication and states that Chrome DevTools auto-connect will inherit them automatically, without an accompanying privacy warning. This normalizes silent session reuse and creates a concrete path to access authenticated resources with the user's browser identity, increasing risk of unauthorized data access or exfiltration.

Missing User Warnings (severity: Medium, confidence: 95%)

Finding: The file includes cookies and OAuth-related details without any warning or safeguards for sensitive auth material. In the context of a skill that explicitly reuses a user's logged-in Chrome session and performs traffic inspection, this omission is more dangerous because operators may be led to expose, log, or mishandle live credentials and session identifiers.

VirusTotal

66/66 vendors flagged this skill as clean.