ClawHub

Weibo Hot Daily

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Weibo hot-search fetcher, but it ships an undisclosed Weibo session cookie and advertises features that are not actually implemented.

Review before installing. The script appears user-triggered and non-destructive, but the bundled Weibo cookie should be treated as an exposed credential, and users should not rely on the advertised AI, notification, or scheduling features unless a later version implements and documents them clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises executable behavior involving network access, shell execution, and file writing but does not declare any permissions. This weakens informed consent and platform enforcement, because users and tooling cannot accurately assess what capabilities will be exercised before installation or execution. In this context, the risk is elevated because the skill claims benign scraping/reporting behavior while its effective capabilities are broader than transparently documented.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior does not match the analyzed implementation details: advertised AI summaries, daily automation, and multi-channel push are not actually implemented, while undisclosed external-request behavior involving embedded cookies is present. This is dangerous because hidden authentication material or undocumented outbound requests can expose credentials, violate user expectations, and enable unauthorized data access or tracking under the guise of a simple hot-search fetcher.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises Telegram/微信/邮件 push integrations but does not warn users that fetched hot-search content and any AI-generated summaries may be transmitted to third-party services. This is dangerous because operators may enable outbound notifications without understanding the privacy, compliance, or data-handling implications of sending content to external platforms.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code embeds a hardcoded Weibo `SUB` cookie in outbound requests, which is effectively an authentication/session token. Shipping a live session secret inside source code can expose private account access, enable unauthorized reuse by anyone with the code, and causes undisclosed authenticated requests on behalf of that account.

Ssd 3

High
Confidence
100% confidence
Finding
A hardcoded session cookie is a direct secret disclosure. Anyone who obtains the file may replay the token until expiration or revocation, potentially impersonating the associated account, accessing account-scoped data, or causing requests to be attributed to that user; the skill context makes this more dangerous because a public data fetcher has no legitimate need to bundle private session material.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal