xiaofeng-skills

Security checks across malware telemetry and agentic risk

Overview

This skill performs its stated Tencent Docs publishing workflow, but it uses hidden local Tencent credentials and automatically makes generated documents publicly editable.

Install only if you are comfortable with this skill using an existing Tencent Docs authorization token, uploading the selected images and note text, moving the created document to a default folder unless overridden, and making it publicly editable. Prefer requiring an explicit token or secret, choosing the destination folder yourself, and changing sharing to private or view-only unless public editing is intentionally needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium | Confidence: 97%

The script reads an authorization bearer token directly from /root/.mcporter/mcporter.json and uses it to perform remote API actions. For a note-publishing skill, silently harvesting host credentials from a root-owned local config crosses a trust boundary and can abuse whatever Tencent Docs account is configured on the machine, especially in shared or agent-run environments.

Missing User Warnings

Severity: Medium | Confidence: 95%

The markdown states that the script will set the generated Tencent document to public edit access, but provides no warning about confidentiality or integrity risks. Publicly editable links can expose business content to anyone with the link and allow unauthorized tampering, defacement, or malicious content insertion.

Missing User Warnings

Severity: Low | Confidence: 71%

The skill instructs users to supply an API token via an environment variable without any guidance on secure handling. While environment variables are common, failing to warn about secret storage, shell history leakage, logging, and least-privilege token use increases the risk of accidental credential exposure.

Missing User Warnings

Severity: Medium | Confidence: 95%

The script consumes a locally stored authorization token without any user-facing disclosure or consent flow. This can cause the skill to act with ambient credentials the operator did not intend to delegate, enabling unauthorized document creation, modification, or data publication under another account.

Missing User Warnings

Severity: Medium | Confidence: 90%

The skill uploads local image files and user-provided content to a remote Tencent Docs API, but it does not clearly warn the user at execution time that local data will be transmitted off-host. In an automation/agent setting, that omission can lead to unintended exfiltration of sensitive images or text.

VirusTotal

65/65 vendors flagged this skill as clean.