Md To Zhihu

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it stores Zhihu login cookies and can publish from the user's account with under-disclosed session and browser-debugging risks.

Install only if you are comfortable giving the skill access to your Zhihu session and letting it create drafts or publish from your account. Prefer draft mode first, use it on a trusted single-user machine, and delete the saved cookie file and browser profile when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises and instructs use of file I/O, shell execution, and networked publishing, yet declares no permissions or trust boundaries. That mismatch is a real security issue because it hides sensitive capabilities from users and reviewers, making it easier for a skill to read local content, write artifacts, and interact with external services without explicit disclosure.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The code explicitly launches a real browser with remote debugging and states that this 'completely avoids automation detection,' indicating deliberate evasion of platform anti-bot controls. This increases security and compliance risk because it weakens user visibility, may violate platform protections, and exposes a local CDP control surface that can be abused by other local processes while the port is open.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill supports automated publication and persistent Zhihu cookie storage but does not clearly warn that session cookies are equivalent to account access or that automation can create irreversible account actions. In context, this is more dangerous because the skill is explicitly designed to post content on behalf of the user, so stolen or mishandled cookies could enable unauthorized publishing, draft manipulation, or account abuse.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
Session cookies are stored in a plaintext JSON file on disk without any permission hardening, encryption, or prominent warning to the user. If another local user, process, backup system, or malware accesses this file, the Zhihu session can potentially be hijacked and used to impersonate the user for publishing or account actions.

VirusTotal

62/62 vendors flagged this skill as clean.
