ClawHub

toutiao-article-publish

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to automate Toutiao publishing, but it can post or schedule real content from the user's logged-in account with broad triggers and unclear confirmation controls.

Install only if you intend to let an agent operate a real Toutiao publishing session. Require preview plus explicit confirmation before every publish or scheduled post, use a dedicated/test account where possible, and narrow triggers to Toutiao-specific commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes automated publishing, scheduled posting, and reuse of the user's logged-in browser session, but it does not prominently warn that the skill can take real external actions on a third-party account. In an agent/automation context, unclear disclosure of live posting behavior increases the risk of unintended publication, reputation damage, spam, or policy-violating posts being sent under the user's identity.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger keywords are broad enough to match ordinary writing or publishing requests, which can cause the skill to activate when a user only intended drafting help rather than live platform posting. In this skill, unintended invocation is especially risky because it uses an existing logged-in browser session and performs real publishing actions, so accidental activation can directly lead to unauthorized or premature posts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not prominently warn users that it will reuse their current logged-in browser session to perform live publishing actions on their Toutiao account. That omission undermines informed consent and makes accidental account actions more likely, particularly since the document emphasizes automation and successful publishing flows rather than explicit user approval boundaries.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains generic phrases such as '发布文章', '头条文章', and '写文章发布' that can match ordinary content-writing or publishing requests without clearly scoping them to Toutiao. Because this skill performs end-to-end automated publishing, overly broad activation increases the chance of unintended invocation, causing the agent to draft, upload assets, or publish content to a live platform when the user did not explicitly request that action.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal