Official Account Original Article Recommendations (红狐数据)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it fetches remote article data with TLS certificate verification disabled and automatically turns that data into local HTML without adequate safety controls.

Install only if you are comfortable with this skill contacting a third-party API and creating local HTML reports. Avoid opening generated reports for sensitive workflows until TLS verification, output sanitization, URL validation, and confirmation before opening files are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
The generated HTML unconditionally loads a third-party script from a public CDN, which expands the trust boundary from local HTML generation to remote code execution in the browser at view time. If the CDN asset is compromised or replaced, or is blocked and then downgraded via another path, anyone opening the generated file may execute attacker-controlled JavaScript, and that script can read all article data rendered into the page.

Vague Triggers

Severity: Medium | Confidence: 87%
The trigger phrases are very broad (e.g. '原创文章' or '爆文推荐') and can match ordinary article-discovery requests that may not imply consent to use this specific skill. Overbroad activation increases the chance that the skill runs unexpectedly, causing unsolicited network requests and file generation/opening side effects.

Vague Triggers

Severity: Medium | Confidence: 92%
The skill explicitly says ambiguous input should still trigger a push of today's popular articles, which removes any meaningful verification of user intent. In context this is more dangerous because invocation also forces backend calls and automatic HTML/PDF generation, so unclear input can produce unintended external requests and local file side effects.

Missing User Warnings

Severity: Medium | Confidence: 94%
The examples and behavior describe automatically generating HTML and exporting/opening PDF-capable output, but the skill description does not clearly warn users about these local file operations. Automatic file creation/opening can surprise users, expose them to unsafe rendered content, or create an undesirable persistence/artifact trail on the local system.

Vague Triggers

Severity: Medium | Confidence: 92%
The mapping includes very broad triggers like “知识”, “生活”, “娱乐”, and catch-all terms such as “全部/所有分类”, which can cause ambiguous or unintended category matches. In this skill, that can misroute user requests and silently return irrelevant article feeds or subscriptions, reducing reliability and making downstream behavior easier to manipulate through prompt wording.

Missing User Warnings

Severity: High | Confidence: 99%
The HTTPS client explicitly disables certificate validation and hostname checking, which defeats TLS authentication and allows man-in-the-middle interception or tampering of API responses. In this skill, fetched article data directly drives user-visible output and is also written to disk, so a network attacker could inject misleading content or poison downstream processing.

Ssd 3

Severity: Medium | Confidence: 96%
Instructing the agent to relay backend stdout verbatim is dangerous because any unexpected output (debug logs, internal errors, tokens, URLs, stack traces, or other sensitive data) would be sent directly to the user without review. This risk is heightened here because the skill depends on remote network data and local scripts, both of which can produce unintended or attacker-influenced output.

VirusTotal

VirusTotal findings are pending for this skill version.