Story Short Scan

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent, but it automates a logged-in admin session to pull management data, so it should be reviewed before use.

Install only if you are authorized to access the 黑岩 management console and to export the book data the skill collects. Prefer public pages or approved read-only APIs where possible, use a least-privilege account, keep output files private, and avoid running the 黑岩 scraper against accounts that expose unpublished or sensitive business records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script explicitly instructs the operator to log into an admin console, extracts the Admin-Token from browser cookies, and reuses it to call backend management APIs directly. This bypasses the normal browser interaction model and operationalizes privileged session credentials for automated access to internal/admin data, which creates clear risk of unauthorized data harvesting, token misuse, and abuse of a management interface beyond the public scope described by the skill.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The code targets manage.zhangwenpindu.cn and ms.zhangwenpindu.cn /manage/book endpoints, which are administrative backend surfaces rather than public popularity/ranking pages implied by the skill description. In this context, using admin APIs to collect content metadata is dangerous because it can expose non-public inventory, unpublished records, pricing/status fields, or other operational data not intended for scraping.

VirusTotal

64/64 vendors flagged this skill as clean.
