ClawHub

Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS

Security checks across malware telemetry and agentic risk

Overview

The skill is a real VK community-management helper, but it asks users to grant broad permanent VK account/community access and gives under-scoped guidance for message and token handling.

Install only if you are comfortable letting an agent manage your VK community and messages. Prefer the narrowest VK token that works, avoid offline full-rights user tokens where possible, do not paste tokens in shared terminals or logs, set a polling time limit, leave auto-mark-as-read off unless intentional, and manually approve posts, message actions, deletions, and raw VK API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents fetching message history and using long poll with auto-mark-as-read, but does not provide a clear privacy warning that private user communications will be accessed and their read-state changed. This can lead to silent processing of user messages and unintended privacy or trust violations for community members.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation recommends using a high-privilege User Token with broad scopes and emphasizes it for full rights, but does not warn that compromise or misuse of that token can affect both the operator account and the managed community. In this context, the token can enable posting, deletion, message access, and long-lived access, making overprivileging particularly risky.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to pass VK access tokens directly as command-line arguments, which can expose secrets through shell history, process listings, audit logs, and CI/job output. Because these tokens are long-lived and may carry broad scopes including offline access and messaging, disclosure could let an attacker fully manage the community and access messages.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The CLI places the VK access token into the URL query string for every API call. Query-string tokens are prone to leakage through logs, browser/proxy history, monitoring systems, crash reports, or intermediary infrastructure, so a stolen token could let an attacker post, read messages, or manage the community depending on its scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal