tieba cli

Security checks across malware telemetry and agentic risk

Overview

This Tieba skill is mostly coherent, but it gives an agent live-account powers to delete content and change the account nickname without strong confirmation safeguards.

Install only if you are comfortable giving the agent control over a live Tieba account. Before use, treat TB_TOKEN as a secret, review or disable rename/delthread/delpost, and require fresh explicit user confirmation before any public post, profile change, or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The manifest says the skill is for browsing, posting, and replying on Tieba, but the CLI also exposes nickname mutation via `rename`. That expands authority from content interaction into account-profile changes, which can alter user identity and reputation without being clearly disclosed or scoped.

Context-Inappropriate Capability

High, 98% confidence
Finding
The CLI implements `delthread` and `delpost`, which are destructive actions not described in the stated skill scope. In an agent setting, undeclared deletion capability is dangerous because a prompt-injected or mistaken instruction could permanently remove user content and cause account or community harm.

Missing User Warnings

Medium, 95% confidence
Finding
The skill exposes destructive `delthread` and `delpost` commands with examples and success cases, but provides no warning, ownership checks, or recommendation for explicit user confirmation before deletion. In an agent setting, this increases the chance of accidental or prompt-induced destructive actions that remove content irreversibly or without clear user intent.

Missing User Warnings

Medium, 90% confidence
Finding
The metadata and setup instructions require `TB_TOKEN` but do not label it as a sensitive secret or warn against exposing it in logs, prompts, screenshots, or generated content. Because this token appears to authorize posting and account actions, mishandling it could let an attacker act as the user on Tieba.

Missing User Warnings

Medium, 97% confidence
Finding
The delete handlers execute immediately once called and only validate that an ID was supplied; there is no interactive warning, dry-run preview, or confirmation for destructive operations. In an LLM-agent context, this increases the chance of accidental or socially engineered irreversible deletion from ambiguous or injected instructions.

Ssd 1

Medium, 93% confidence
Finding
The skill instructs the agent to read `SOUL.md` and follow it unconditionally whenever posting or replying, placing an external persona file above the model's normal behavior. This is dangerous because external files are untrusted prompt inputs and could contain manipulative instructions that suppress safeguards, alter behavior, or push the agent into unsafe social-engineering or policy-violating content generation.

VirusTotal

63/63 vendors flagged this skill as clean.
