AI内容创作助手 (AI Content Creation Assistant)

Security checks across malware telemetry and agentic risk

Overview

This writing skill has a plausible purpose, but a crafted topic value can be executed as a shell command on the user's machine when the hot-topic search runs.

Review before installing. Only use this version with fully trusted topic values, and avoid confidential topics because search queries may be sent to Tavily. A safer version should replace execSync shell-string execution with argument-array process spawning, declare the Tavily skill dependency, minimize inherited environment variables, and clearly disclose external search data flow.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The script expands its stated writing functionality by reading an API key from the environment and invoking an external search skill to fetch live data. That creates undisclosed data access and outbound network behavior beyond the manifest's apparent scope, which is dangerous because users may supply sensitive topics assuming purely local text generation.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The code performs live hot-topic/news retrieval through another skill even though the skill description focuses on writing assistance. This mismatch reduces user visibility into networked behavior and increases the risk of unintended data sharing or capability creep in agent environments.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The README advertises automatic hot-topic search via Tavily and instructs users to configure a Tavily API key, but it does not disclose that user-supplied topics or prompts may be transmitted to an external third-party service. This creates a real privacy and data-handling risk, especially if users input confidential, unpublished, or regulated content topics assuming all processing is local.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill requires a Tavily API key for topic search but does not disclose that user prompts, topics, or article content may be transmitted to a third-party service. This creates a privacy and data-governance risk because users may unknowingly send sensitive draft material, proprietary content, or personal data to an external provider.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The script builds a shell command string with untrusted topic input and executes it with execSync. Because the topic is interpolated inside double quotes, shell metacharacters such as command substitution can still be interpreted, enabling command injection and arbitrary code execution under the current user's privileges.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
User-provided topic text is sent to an external search path without clear disclosure or consent. In a writing assistant context, topics may contain confidential business plans, private drafts, or sensitive campaign ideas, so silent transmission can cause privacy and compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.