泛微 e-office Instant Messaging (IM) WebSocket API - private chat, group chat, AI assistant, etc.

Security checks across malware telemetry and agentic risk

Overview

This is a coherent e-office IM integration, but it gives an agent broad live messaging and group-management authority without clear safety controls.

Install only if you trust the publisher and intend to let the agent operate an e-office IM account. Use a least-privileged token, avoid administrator credentials, prefer wss/https endpoints, do not log or share tokens, and require explicit user confirmation before sending messages, withdrawing or deleting messages, changing status, or modifying groups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 86%
Finding
The README advertises capabilities to send messages, create groups, and manage members, but it does not warn that these are state-changing actions affecting other users and accounts. In an agent skill context, this omission can lead to unsafe autonomous use, accidental messaging, unauthorized group changes, or misuse if an agent executes natural-language requests without explicit confirmation or authorization checks.

Missing User Warnings

Medium
Confidence: 91%
Finding
The configuration section instructs users to provide an OA access token but gives no warning about its sensitivity, storage risks, or scope of access. Because the token is used to authenticate to the IM service, exposure could let an attacker impersonate a user, access messages, query presence, or perform messaging and group-management actions against the organization’s IM environment.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill is configured to activate for very broad IM-related scenarios, including vague phrases like '任何涉及即时通讯的操作' ("any operation involving instant messaging"). In an agent setting, this can cause the skill to be invoked for ordinary chat requests and expose high-impact capabilities such as messaging, deletion, group management, and status changes without sufficient intent verification.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation exposes numerous state-changing operations—sending messages, withdrawing/deleting messages, adding/removing members, and deleting groups—without requiring user confirmation, authorization checks, or warning about destructive effects. In an autonomous or semi-autonomous agent context, this increases the risk of accidental or unauthorized actions affecting communications and group state.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs clients to pass a token and loginUserId during the WebSocket handshake but does not emphasize that these are sensitive credentials and identity attributes that must be protected. This omission raises the chance of insecure handling, logging, disclosure in debugging output, or transmission over insecure ws/http channels, especially since the examples use non-TLS endpoints.

VirusTotal

66/66 vendors flagged this skill as clean.