深智智预习生成 (DeepAIStudy smart prep generation)

Security checks across malware telemetry and agentic risk

Overview

The skill matches its study-prep purpose, but it stores account passwords in plaintext and uploads user documents to remote AI services without enough safety guidance.

Install only if you trust the DeepAIStudy service and package source. Use a dedicated or low-privilege account, verify the server is https://www.deepaistudy.com before logging in, avoid uploading sensitive or regulated PDFs/images unless approved, and remove or protect the local config file after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if ai_script.exists():
    import subprocess

    # Runs the bundled script with the user-supplied PDF path as an argument
    result = subprocess.run(
        [str(ai_script), pdf_path],
        capture_output=True,
        text=True,
        timeout=60,
    )
Confidence
81% confidence
Finding
result = subprocess.run( [str(ai_script), pdf_path], capture_output=True, text=True, timeout=60, )

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly describes sending user-provided PDFs/images through external AI systems for OCR and generation, but it does not warn users that their uploaded content and extracted text leave the local environment and are processed by third-party services. This creates a real privacy and data-handling risk, especially if users upload copyrighted, sensitive, student, or personal material without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to set a username and password in the skill configuration but provides no warning about secure credential handling, storage, shell history exposure, or safer alternatives. This can lead to accidental plaintext storage, credential leakage to logs/history, and account compromise if users follow the example verbatim.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The tool stores the user's password in plaintext in a config file under the home directory. Any local compromise, backup exposure, overly permissive file permissions, or accidental disclosure of that file would immediately reveal reusable credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The client sends the username and password to whatever server is configured, including plain HTTP endpoints such as the localhost default documented for the skill and any user-set remote host. If a remote non-HTTPS server is used, credentials can be intercepted or redirected to an attacker-controlled endpoint, leading to account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.
