Yunlv Linkedin Writer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real B2B outreach-writing skill, but its privacy disclosures are inconsistent about sending and retaining prospect details.

Install only if you are comfortable sending prospect and company context to Yunlv's API using your TRADEGPT_API_KEY. Avoid entering unnecessary names, LinkedIn profile URLs, confidential notes, regulated personal data, or sensitive business context, and clear the local data directory if generated messages contain information you do not want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill makes privacy/storage assurances that conflict with later statements about retained message records, local storage paths, and write permissions. Contradictory data-handling claims can cause users to disclose prospect data under false assumptions, weakening informed consent and creating compliance and privacy risk.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The data-flow section says data stays local or is locally processed, yet the same section states that user-provided background data is sent to the external Yunlv API. This mismatch is dangerous because users may provide personal or business-sensitive prospect details believing no third-party transfer occurs.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill claims that no personal information is transmitted or processed, but its examples and workflow rely on prospect names, titles, company affiliations, LinkedIn URLs, and background context—all of which can be personal data. Misrepresenting PI handling can create legal exposure, policy violations, and user trust failures, especially in a prospecting context.

Vague Triggers

Medium
Confidence: 91%
Finding
Overly broad triggers like generic LinkedIn/B2B social phrases can cause unintended skill activation in unrelated conversations. While not a direct exploit primitive, this increases the chance of inappropriate routing and accidental disclosure of user context to an external API if the skill auto-runs on weak matches.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes generic terms such as '联系消息', '专业消息撰写', and 'LinkedIn' that can match ordinary user requests unrelated to this specific skill. Overbroad activation can cause the agent to invoke this external-network skill in unintended contexts, increasing the chance of unnecessary data exposure to the configured third-party API and reducing routing precision.

VirusTotal

63/63 vendors flagged this skill as clean.
