一键扒爆款

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed content-extraction and rewriting workflow, but it asks users to use platform cookies and downloader-based scraping while giving inconsistent download/data-handling guidance.

Install only if you are comfortable with a workflow that may fetch third-party platform content, install browser/transcription/downloader tooling, use platform session cookies, and save generated drafts locally. Avoid providing cookies unless necessary, revoke or rotate them afterward, do not use it on private or unauthorized content, and review outputs for copyright, attribution, and platform-policy compliance before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium, 94% confidence
The skill explicitly instructs users to use a third-party downloader plus authenticated Xiaohongshu cookies to extract protected content, which expands the skill from simple rewriting into credential-backed scraping. This increases the risk of unauthorized collection of private or access-controlled data, cookie mishandling, and terms-of-service violations.

Description-Behavior Mismatch

High, 90% confidence
The documentation claims '不下载视频' but later describes downloader and ASR workflows that require obtaining video or audio files, creating a misleading trust boundary for users and reviewers. Misrepresentation of data handling is dangerous because users may provide links or credentials under false assumptions about what content will be fetched, stored, or processed.

Vague Triggers

Medium, 83% confidence
The trigger phrases are broad enough to match ordinary writing and editing requests, which can cause the skill to activate in contexts the user did not intend. In this skill, unintended invocation is more dangerous because activation can lead into scraping, transcription, and third-party content rewriting flows with legal and privacy implications.

Missing User Warnings

Medium, 95% confidence
The skill is explicitly designed around '扒爆款', '内容搬运', and '仿写' of third-party viral content, yet it lacks a clear warning about copyright, plagiarism, and platform-policy risks. In context, that omission materially increases the chance that users will use the tool for infringing or deceptive republishing at scale.

VirusTotal

63/63 vendors flagged this skill as clean.
