UAPI Step 2 (Method 2): Get Raw Text API

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to retrieve Clipzy raw text, but it is under-scoped for a sensitive decryption flow and may send a decryption key to the service without enough warning.

Install only if you intentionally want server-assisted Clipzy raw-text retrieval. Treat any Clipzy IDs, plaintext, and decryption keys as sensitive, confirm each retrieval explicitly, and avoid using this skill for secrets or private content unless you trust the service to handle keys and decrypted data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description includes broad trigger phrases such as “raw”, “api raw”, and “decrypt clipzy text”, which are generic enough to match unrelated user requests and may cause the agent to route tasks to this skill incorrectly. In a security-sensitive context, misrouting to a raw-text retrieval/decryption endpoint can expose clipboard contents or encourage use of decryption-related functionality when the user did not clearly intend that action.

Vague Triggers

Medium
Confidence: 94%
Finding
The English keyword list contains ambiguous triggers including “raw”, “clipzy”, and “read raw text” without constraints that the user is asking for this exact endpoint. This increases the chance of accidental invocation of a capability that retrieves decrypted/plaintext content, which is more sensitive than ordinary metadata or lookup operations.

Vague Triggers

Medium
Confidence: 96%
Finding
The skill enables implicit invocation without any trigger constraints, so the agent may call a raw-text retrieval endpoint automatically based on loose user phrasing rather than explicit confirmation. Because this skill is specifically for fetching/decrypting raw Clipzy text, overbroad auto-invocation increases the chance of unintended access to sensitive plaintext, secret material, or end-to-end encrypted content identifiers.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs users to send their decryption key to the server, which defeats end-to-end secrecy expectations and causes plaintext to be exposed to the service during decryption. Even if this is an intentional convenience feature, the documentation does not warn users about the trust shift, logging risk, or that server operators and intermediaries may gain access to sensitive content and keys.

VirusTotal

64/64 vendors flagged this skill as clean.
