Official Account (公众号) Subscription Tracking

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it advertises, but its optional daily auto-push adds persistent scheduled execution and handles third-party API data/credentials with under-documented security risks.

Review before installing if you are monitoring sensitive competitors or private research targets. Use your own Redfox API token, understand that subscription names/IDs and query dates are sent to Redfox, avoid enabling --subscribe on shared machines, and inspect/remove any LaunchAgent or crontab entry if you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        script_path = os.path.abspath(__file__)
        cron_line = f"0 9 * * * /usr/bin/python3 {script_path} fetch"
        try:
            subprocess.run(
                f'(crontab -l 2>/dev/null; echo "{cron_line}") | crontab -',
                shell=True, check=True, capture_output=True
            )
Confidence
95% confidence
Finding
subprocess.run( f'(crontab -l 2>/dev/null; echo "{cron_line}") | crontab -', shell=True, check=True, capture_output=True )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    else:
        script_path = os.path.abspath(__file__)
        try:
            subprocess.run(
                f'crontab -l 2>/dev/null | grep -v "{script_path}" | crontab -',
                shell=True, check=True, capture_output=True
            )
Confidence
98% confidence
Finding
subprocess.run( f'crontab -l 2>/dev/null | grep -v "{script_path}" | crontab -', shell=True, check=True, capture_output=True )

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill tells users to submit subscription targets and use an API token with a third-party service, but does not clearly warn that account names, identifiers, query dates, and possibly usage metadata will be transmitted off-device. This can expose sensitive monitoring interests such as competitor tracking or research targets to an external provider without clear user awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes a daily auto-push mode that installs a scheduled task and automatically opens a browser, but the description does not present this as a security-relevant side effect. Silent persistence-like behavior and automatic browser launching can surprise users, create abuse opportunities on shared systems, and increase the attack surface if the generated report or opened links are unsafe.

VirusTotal

66/66 vendors flagged this skill as clean.
