Anygen Workflow Generate

Security checks across malware telemetry and agentic risk

Overview

The skill is mainly a content-generation workflow, but its Feishu/Lark delivery path reads local app secrets and sends files through raw API calls, so it needs review before installation.

Install only if you trust Anygen, the @anygen/cli package, and the Feishu/Lark credentials available on the machine. Use least-privilege Feishu/Lark app credentials, verify the destination chat before each send, and avoid uploading confidential source files unless Anygen and the messaging destination are acceptable for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to read Feishu `app_id` and `app_secret` from a local config file and use them to obtain an access token for external API calls. That expands the skill from content generation into credential access and external service authentication, creating a clear risk of secret exposure and unauthorized messaging if the agent follows the instructions automatically.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The Feishu/Lark section adds direct `curl`-based upload and message-send capability to an external messaging platform, which is broader than the declared content-generation purpose. This gives the skill a general outbound communication path that could be abused to exfiltrate generated artifacts or other local data to chats outside the user's expectation.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill tells the agent to access locally stored platform credentials and transmit them to Feishu's auth endpoint without an explicit warning or consent flow about secret use. Even if intended for legitimate delivery, this is sensitive credential handling that increases the chance of unauthorized access, accidental leakage, or misuse by downstream instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
