Multi-Platform Travel Guide Scraping Assistant (旅游攻略多平台抓取助手)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it can control a logged-in browser and persist scraped content with limited safeguards.

Install only if you are comfortable letting the skill automate a browser for scraping travel sites. Use a separate Chrome profile or throwaway accounts, review the referenced xiaohongshu-crawler helper before eval-based extraction, close the CDP-enabled browser afterward, and delete generated task/data files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough that the skill may activate on loosely related requests, causing unintended browser automation, web fetching, and local file writes. In this skill's context, accidental invocation matters because it orchestrates multi-platform scraping and persistent task creation under the user's home directory.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs cross-platform fetching, browser control, login-dependent scraping, and writes to persistent local paths without an upfront warning or consent gate. That increases the risk of privacy-impacting actions, unexpected automation against authenticated sessions, and unanticipated filesystem changes before the user understands the behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script automatically launches Chrome with --remote-debugging-port=18800, exposing a powerful browser control interface without explicit consent or a clear security warning. If that debugging endpoint is reachable by other local users, containers, or network paths depending on Chrome/bind behavior and host configuration, an attacker could inspect pages, cookies, and automate browser actions.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Create 3 files for each platform
# Task file (Main Agent writes once)
write ~/.openclaw/workspace/tasks/小红书_2026-04-24_任务.md
# Status file (Subagent writes progress, Main Agent reads status)
write ~/.openclaw/workspace/tasks/小红书_2026-04-24_状态.md
# Data file (Subagent writes guides, Main Agent reads the summary)
```
Confidence
81% confidence
Finding
write ~/.openclaw/workspace/tasks/小红书_2026-04-24_任务.md # Status file (Subagent writes progress, Main Agent reads status) write ~/.openclaw/workspace/tasks/小红书_2026-04-24_状态.md # Data file (Subagent writes guides, Main Agent reads the summary) write ~/.openclaw/

Session Persistence

Medium
Category
Rogue Agent
Content
#### Step 1: Prepare the three files (Main Agent)
```bash
# Create the task directory
mkdir -p ~/.openclaw/workspace/tasks

# Create 3 files for each platform
write ~/.openclaw/workspace/tasks/小红书_2026-04-24_任务.md
```
Confidence
81% confidence
Finding
mkdir -p ~/.openclaw/workspace/tasks # Create 3 files for each platform write ~/.openclaw/workspace/tasks/小红书_2026-04-24_任务.md write ~/.openclaw/workspace/tasks/小红书_2026-04-24_状态.md write ~/.openclaw/workspace/tasks/小红

VirusTotal

66/66 vendors flagged this skill as clean.
