ClawHub

爆款选题发现虾

Security checks across malware telemetry and agentic risk

Overview

This trend-research skill is mostly coherent, but it asks users to use live platform cookies and can write planning data to Feishu without enough credential and data-sharing safeguards.

Review before installing. Use unauthenticated platform sources where possible, do not paste or hardcode personal browser cookies unless you understand they can grant account access, and require explicit confirmation before any Feishu table creation or record write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to run a Python script that fetches data from multiple external platforms, which is a network-capable action, yet no permissions are declared. This creates a transparency and control gap: users and the hosting system may not realize the skill will make outbound requests, potentially including authenticated requests if cookies are configured.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad, everyday requests such as asking for recent hot topics or recommendations, which increases the chance the skill is invoked unintentionally. Unintended invocation matters here because the skill can initiate network scraping, process user-specific targeting data, and potentially lead to third-party data export workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells users to configure cookies for platforms like Weibo and Douyin without a clear privacy and credential-handling warning. Session cookies are sensitive authentication artifacts; improper collection, storage, or reuse could expose user accounts, enable unauthorized access, or normalize insecure secret handling inside the skill environment.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill offers to archive generated topics into Feishu but does not clearly warn the user that topic data, platform associations, and workflow metadata will be transmitted to a third-party service. Even if the data seems low sensitivity, it can reveal editorial strategy, competitive research, or internal planning information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly instructs users to supply authenticated cookies to scrape Douyin data, but provides no warning that these cookies are account-bound secrets that can expose session access, personal data, and account activity if mishandled. In a scraping-oriented skill, this is more dangerous because users are being encouraged to collect and reuse live browser credentials against third-party platforms, increasing the risk of credential leakage, unauthorized automation, and terms/privacy violations.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The guidance recommends obtaining platform cookies from browser developer tools without explaining that this extracts active session credentials from a user's logged-in account. That omission can lead users to expose their own account sessions or automate access in ways that compromise privacy and security, especially in a skill designed for broad cross-platform scraping and monitoring.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal