WeChat Official Account Search Crawler (公众号搜索爬虫)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real WeChat article search tool, but it saves API keys into generated HTML reports where they can be copied and reused.

Review before installing. Use only a low-privilege or throwaway API key, avoid sharing generated HTML reports, and assume search terms typed into the report are sent to redfox.hk. Prefer CSV-only mode if you do not need the interactive report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The generated HTML report embeds API configuration and performs live searches from the browser, which turns a static report artifact into an active client for a backend service. Because the API key is delivered to every viewer, anyone with access to the report can extract and reuse the credential, and the report can generate unintended outbound requests from the user's environment.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The generated HTML injects the API key into client-side JavaScript, which writes sensitive credentials to disk in a report file and exposes them to anyone who can read the file or inspect the page source. Because the page supports live re-search and load-more calls from the browser, the leaked key can be reused to make additional authenticated API requests beyond the original export.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The activation description is broad enough to match many generic research, browsing, and trend-analysis requests, which can cause over-invocation of a networked skill that writes files and may open local services. Overly broad routing is risky because users may trigger data collection and side effects without realizing a crawler/export tool is being used. The skill context makes this more concerning since it is not a read-only utility.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The usage guidance says the skill should be prioritized across broad scenario categories like trend research, competitor analysis, inspiration gathering, and monitoring, without clear constraints or confirmation steps. This can funnel many loosely related requests into a crawler that performs network access, local file output, and possibly browser/server actions, increasing the chance of unintended execution. In context, the breadth is operationally unsafe rather than overtly malicious.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The description highlights search and reporting features but does not clearly warn that the skill automatically writes CSV/HTML files and may launch a browser or local HTTP service. Missing disclosure undermines informed consent and can surprise users with filesystem changes and active local/network behavior. Because the skill also handles API keys and remote requests, the omitted warning increases the chance of accidental exposure or unsafe use.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The API key is written directly into client-side JavaScript, making it trivially recoverable through page source, developer tools, or saved report contents. An exposed key can be abused to query the backend service, consume quota, scrape data, or access any functionality tied to that credential.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The page sends user-entered search terms and source metadata to a remote API without any clear notice or consent mechanism. In this skill's context, users may treat the generated report as a local browsing artifact, so silent transmission of potentially sensitive research topics or monitoring targets creates a real privacy and data-handling risk.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
Embedding the API key directly in the generated HTML exposes the credential in a persistent local file and in browser-visible JavaScript. Anyone with access to the file, browser dev tools, backups, sync folders, or shared exports can recover the key and use it to consume API quota or access associated account capabilities.

VirusTotal

64/64 vendors flagged this skill as clean.
