ClawHub

全网作品数据抓取分析工具(抖音小红书视频号快手B站通用)

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised scraping, but it also has under-disclosed donation prompts, broad auto-activation, automatic Feishu export after setup, and plaintext credential persistence that users should review before installing.

Install only if you are comfortable with a scraper that may use browser automation and anti-detection techniques, can automatically sync successful results to Feishu after you configure it, and stores Feishu secrets locally in plaintext. Review or disable the appreciation module if unsolicited browser donation prompts or persistent usage tracking are not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The skill explicitly recommends TLS fingerprint simulation to bypass platform detection and uses scraping strategies intended to evade anti-bot controls. That expands the skill from ordinary data retrieval into stealthy collection behavior, increasing legal, platform-abuse, and security risk if operators use it broadly or against protected endpoints.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documented browser automation and arbitrary JavaScript execution against third-party pages materially exceed a simple analysis skill and create a higher-risk execution model. Such instructions can be repurposed to automate interaction with dynamic pages, extract additional data, or normalize unsafe browsing behaviors under a benign label.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
This file implements a donation/appreciation workflow rather than functionality related to scraping or analyzing social-media data. In a skill advertised as a scraping tool, hidden monetization logic is risky because it introduces unrelated behavior, opens a UI flow, and persists state without being part of the declared feature set.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code starts a localhost HTTP server and opens the user's browser to complete a donation flow, even though the skill is supposed to scrape platform data. Spawning a server and launching a browser are intrusive side effects that expand attack surface and can surprise users or be abused in environments where the skill is expected to be non-interactive.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill metadata describes scraping, parsing, viewing, and analyzing content data, but this module introduces a separate data-export capability that persists and transmits results to Feishu. In an agent-skill context, capability expansion beyond the declared purpose is security-relevant because users may not expect scraped data to be written to external services or local config state.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This code actively pushes scraped records to Feishu through either a local CLI or remote API, creating a write/export channel that exceeds the likely user expectation for a scraping-analysis tool. In agent environments, undisclosed outbound write behavior increases privacy and data-governance risk even if the destination is legitimate.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill includes an unrelated appreciation/donation module and labels it as core-integrated and non-removable, even though the skill’s stated purpose is data scraping/analysis. Adding monetization side effects into a core execution path creates undisclosed behavior and expands the trust boundary beyond what users expect from a scraper.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The main scrape entrypoint executes a donation-check side effect on every scrape request without this behavior being disclosed in the skill description. Hidden side effects in a core function are dangerous because they can surprise users, trigger UI/network behavior, or be later repurposed for tracking or coercive prompts.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The comments are internally inconsistent: one section describes appreciation as non-mandatory, while another says it is core-integrated and non-removable, and the code runs it on each scrape. This mismatch is a security-relevant transparency issue because misleading comments can conceal side effects from reviewers and operators.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger set is very broad and overlaps with ordinary user requests like '查看数据' or '分析数据', making accidental activation likely. Overbroad activation is dangerous here because the skill can perform network retrieval, file output, and downstream syncing, so unintended invocation could expose data or run higher-risk workflows without clear user intent.

Vague Triggers

High
Confidence
94% confidence
Finding
The activation condition allows automatic invocation whenever generic keywords are mentioned, without clear scoping to a specific platform link or explicit request to scrape. In context, this makes the skill more dangerous because activation can lead to external data collection or browser-based workflows based on ambiguous conversation text.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that successful scrapes will be automatically synchronized to Feishu, but it does not present a strong, explicit warning that scraped content will be transmitted to an external service and retained there. That creates a meaningful data disclosure risk, especially if users assume the tool only returns local results in-chat.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The main entry point increments persistent usage state and may trigger a browser-based donation prompt with no user-facing warning at the call site. Silent persistence plus unsolicited UI behavior violates user expectations and can be dangerous in automation, CI, server, or shared-user environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
App credentials are stored in a plaintext JSON file under the user's home directory without permission hardening or a prominent warning to the user. If the local environment is shared, compromised, or backed up insecurely, these Feishu secrets can be recovered and abused to access or modify connected data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Once enabled, the module automatically transmits scraped result fields to Feishu without an explicit user-facing warning at send time, which can cause unintended disclosure of collected content metadata. In this skill context, the danger is elevated because the advertised purpose is data scraping/analysis, not continuous external syncing or archival to third-party systems.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Successful scrape results are automatically pushed to Feishu without any clear confirmation or per-request consent in this file. That creates an undisclosed external data transfer path, which can leak scraped content, identifiers, or user-supplied URLs to a third-party service.

Ssd 3

High
Confidence
95% confidence
Finding
The skill solicits App ID and App Secret for Feishu and implies configuration persistence for later automatic use. Collecting and storing third-party credentials inside a general-purpose skill creates a sensitive secret-handling obligation; if mishandled, those credentials could be exposed or abused to access or modify user data in Feishu.

Ssd 3

Medium
Confidence
90% confidence
Finding
Automatically forwarding every successful scrape to Feishu constitutes onward disclosure of collected data by default. Even if the destination is user-controlled, automatic exfiltration semantics increase privacy and compliance risk when users may not expect each retrieval to be persisted externally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal