hello-honey

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it needs review because it combines scheduled outbound messaging, stored account credentials, and voice-cloning data with limited privacy and cleanup guidance.

Review before installing. Use a dedicated low-privilege Feishu app, avoid placing secrets directly in the script if possible, only use a voice sample with clear consent, confirm how the Noiz TTS provider handles reference audio, and add your own cleanup steps for cron, credentials, state files, generated audio, and the stored reference voice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (97% confidence)
Finding
The skill asks users to provide sensitive platform identifiers and a voice sample for cloning without any consent, retention, sharing, or misuse warning. Voice samples are biometric-like data and, combined with account identifiers, increase privacy and impersonation risk if stored, leaked, or reused beyond the stated purpose.

Missing User Warnings

Medium (93% confidence)
Finding
The skill promotes automated scheduled messaging to Feishu and QQ but does not warn users that it will send messages to external platforms on their behalf. Without clear notice and guardrails, users may unintentionally spam recipients, violate platform policies, or expose personal content through unattended outbound automation.

Missing User Warnings

Medium (93% confidence)
Finding
The script encourages embedding Feishu app secrets and recipient identifiers directly in source code. Hardcoded secrets are easily exposed through file disclosure, backups, logs, or repository commits, enabling unauthorized API use and message impersonation.

VirusTotal

65/65 vendors flagged this skill as clean.
