AI前沿哨兵

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI-news collection and report-generation tool, with some setup and credential-handling cautions but no artifact-backed malicious behavior.

Install only if you are comfortable with the skill contacting configured public news/API sources and writing reports locally. If you use Twitter/X support, prefer a low-privilege or throwaway bearer token and avoid saving sensitive tokens in the WebUI unless you accept browser localStorage persistence; rotate/delete the token if the local page origin is shared or exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (91% confidence)
Finding
The trigger list contains broad, common phrases such as 'AI资讯', 'AI动态', '科技新闻', '晨报', and '晚报', which can cause the skill to activate during ordinary conversation rather than through deliberate invocation. Because the skill can perform network collection and file generation, accidental activation increases the chance of unexpected external requests and side effects.

Missing User Warnings

Medium (95% confidence)
Finding
The description emphasizes automatic multi-source collection and report generation but does not clearly warn users that the skill will contact external services and write output files. Missing transparency around these side effects undermines informed consent and makes accidental data transfer or local artifact creation more likely.

Missing User Warnings

Medium (95% confidence)
Finding
The code persists `state.settings.twitterToken` into `localStorage`, which is readable by any script running in the page origin, including injected third-party code or code reached via an XSS bug elsewhere in the app. Bearer tokens are credentials, so browser persistence without warning or safer storage materially increases the chance of credential theft and long-lived compromise.

VirusTotal

61/61 vendors flagged this skill as clean.
