运营数据日报虾

Security checks across malware telemetry and agentic risk

Overview

This is a coherent operations reporting skill, but it handles platform credentials and can store or share business metrics, so users should configure it carefully.

Install only if you are comfortable giving this workspace access to the listed platform tokens, secrets, and cookies. Keep the .env file private and out of source control, treat cookies and SESSDATA like passwords, confirm Feishu recipients and any @all alerts before sending, and enable cron only when you want unattended recurring collection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs use of shell scripts and writes collected platform data to local files, but it declares no permissions. This creates a trust and review gap: operators and policy systems may not realize the skill can execute commands and persist potentially sensitive account analytics locally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The documented behavior claims broader platform coverage and automated Feishu delivery/scheduling than is actually implemented. This can cause users to rely on missing controls or assume reporting, alerting, and delivery occurred when they did not, creating operational blind spots and possible mishandling of business data.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad generic terms such as '生成日报', '数据统计', and '数据汇总', which could activate the skill in contexts unrelated to this specific multi-platform operations workflow. Unintended activation is risky here because the skill can initiate data collection, local storage, and outbound reporting actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description states it will collect account data from multiple platforms, store historical data locally in SQLite, and push reports to Feishu, but it does not clearly warn users about privacy, retention, third-party sharing, or credential handling. In this context, the data may include sensitive business metrics and account identifiers, so silent collection/storage/sharing increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly instructs users to extract browser cookies from Xiaohongshu and store them in a local .env file, but does not warn that these cookies are equivalent to live session credentials and can enable account takeover if leaked. This is especially risky because it relies on a non-official interface, encouraging users to copy highly sensitive session material outside normal OAuth flows.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The .env template enumerates multiple real credential types, including client secrets, access tokens, cookies, and session identifiers, without any accompanying guidance on secure storage or non-disclosure. In practice, users often copy such templates into repos, logs, screenshots, or shared docs, creating a straightforward path to credential leakage across several platforms.

External Transmission

Medium
Category
Data Exfiltration
Content
**Data collection** (unofficial, low stability):
```bash
curl "https://creator.xiaohongshu.com/api/galaxy/creator/data/note_stats" \
  -H "Cookie: $XIAOHONGSHU_COOKIE" \
  -H "X-Sign: ..." \
  -d '{"start_date":"2026-03-31","end_date":"2026-03-31"}'
```
Confidence
91% confidence
Finding
curl "https://creator.xiaohongshu.com/api/galaxy/creator/data/note_stats" \ -H "Cookie: $XIAOHONGSHU_COOKIE" \ -H "X-Sign: ..." \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
