
Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for Xianchou's CLI, but users should understand that reference files and Markdown-derived content may be sent to Xianchou's remote service.

Install only if you intend to use Xianchou's remote AI media service. Do not pass private images, videos, audio, or sensitive Markdown content unless you are comfortable uploading related data to Xianchou and receiving public asset URLs; review generated changes before using --write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers (Medium, 83% confidence)

The skill description is broad enough to trigger in common Markdown editing, cover-image generation, and media-generation scenarios, which increases the chance an agent invokes it in contexts where remote uploads or API-backed generation were not explicitly intended. In this skill, that matters because invocation can lead to external API use and credentialed actions, so over-broad routing raises the risk of unnecessary data exposure or unintended modification workflows.

Missing User Warnings (Medium, 95% confidence)

The documentation states that local file paths supplied to generation commands are automatically detected and uploaded to the remote platform, but it does not prominently warn that local files will be transmitted off-host. This is dangerous because an agent may pass sensitive local images, videos, or audio files under the assumption they are used locally, causing unintended exfiltration to a third-party service.

Missing User Warnings (Medium, 94% confidence)

The contract explicitly states that uploaded local files are stored and returned as publicly accessible URLs, but it provides no warning, consent step, or visibility controls for sensitive content. In an AI-agent-oriented CLI, this is especially risky because agents may upload local images, videos, or audio from a user's workspace without the user realizing the resulting URL is world-accessible and potentially permanent or guessable.

Missing User Warnings (Medium, 95% confidence)

The documentation states that local file paths passed to image/video generation commands are automatically uploaded and replaced with publicly accessible platform URLs, but it does not clearly warn users that this can expose local content outside their machine. In an AI-agent context, this is especially risky because an agent may pass local paths automatically, causing unintended disclosure of sensitive images, videos, or audio to a public endpoint.

Missing User Warnings (Medium, 95% confidence)

The guide's main behavior summary describes reading local Markdown, downloading images, and inserting links, but it does not clearly warn users that the command performs external network access and can modify local files and frontmatter when used with write mode. In an agent-facing skill, this omission is security-relevant because an autonomous system may invoke the command without surfacing the side effects, leading to unintended file changes or unreviewed outbound requests.

VirusTotal

65/65 vendors flagged this skill as clean.
