Qiniu Upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads selected local files to Qiniu and returns public CDN URLs. Privacy and credential-handling precautions are needed.

Install only if you intend to let the agent publish chosen files to your Qiniu bucket. Use a least-privilege Qiniu key, keep the secret out of chat and source files, verify the exact local path before upload, and do not upload private documents, credentials, or personal data unless the bucket's access policy is appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium, confidence 90%
Finding
The example trigger phrase "把这张图片上传到网上" (roughly, "upload this picture to the internet") is broad enough to match ordinary user requests and can cause the skill to activate in situations where the user did not specifically intend Qiniu/public CDN publication. In this skill, activation leads to uploading a local file and returning a public URL, so ambiguous routing increases the chance of unintended disclosure of generated or local content.

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The README explicitly states that local files are uploaded and exposed via a public CDN URL, but it does not warn users that uploaded content may become publicly accessible to anyone with the link or via predictable paths/CDN indexing behavior. Because the skill is meant for images, HTML, and arbitrary documents, the absence of a clear exposure warning creates a substantial risk of leaking sensitive data, internal artifacts, or personal information.

Vague Triggers

Severity: Medium, confidence 84%
Finding
The trigger phrases are broad enough to match generic requests like 'upload this file' or 'put this online', which can cause the skill to activate in situations the user did not specifically intend for Qiniu public hosting. In context, this is risky because the skill uploads arbitrary local files and returns a publicly accessible URL, increasing the chance of accidental data exposure.

Missing User Warnings

Severity: Medium, confidence 88%
Finding
The documentation instructs users to configure long-lived secrets (`QINIU_SECRET_KEY`) but provides no warning about secret handling, redaction, least privilege, or avoiding disclosure in logs and chat. In a skill that relies on cloud credentials for public file uploads, this omission increases the likelihood of accidental credential exposure or insecure storage.

Vague Triggers

Severity: Medium, confidence 88%
Finding
The manifest includes broad invocation language such as "put this file online," which can cause the skill to trigger in situations where the user did not clearly intend public cloud upload. Because the skill uploads files and returns a public CDN URL, an overly broad trigger increases the risk of accidental publication of sensitive or private content.

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The manifest advertises uploading files to cloud storage and returning a shareable public CDN URL, but it does not explicitly warn that uploaded content may become publicly accessible. In this context, the omission is dangerous because users may upload images, HTML, or documents assuming temporary or private storage, leading to unintentional data exposure.

Missing User Warnings

Severity: Medium, confidence 90%
Finding
The script uploads an arbitrary local file to a remote cloud bucket and returns a public URL, but it provides no user-facing disclosure, confirmation, or content restrictions before transmitting data off-host. In an agent skill context, this increases the risk of accidental exfiltration of sensitive local files if the skill is invoked on the wrong path or with attacker-influenced input.

VirusTotal

65/65 vendors flagged this skill as clean.