zhihu blog generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent blog generator, but it needs review because it can pass user topic text through a shell and can produce publishable-looking technical claims that are not source-backed.

Review the scripts before installing. Avoid running the one-click command with untrusted topic strings, expect files to be written under the configured reports directory, and fact-check every generated metric, case study, source-code claim, and personal-experience statement before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script advertises '源码级解读' (source-code-level interpretation) and presents detailed technical claims, but the content is generated from hard-coded templates rather than verified source analysis. In a blog-generation skill, this can mislead users into publishing fabricated technical explanations, performance numbers, and implementation details as if they were evidence-based, creating integrity and trust risks even though it is not direct code execution or data theft.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The code launches child processes with `shell: true`, which unnecessarily invokes a system shell for simple Node script execution. If any argument or path becomes attacker-controlled now or in future changes, shell interpretation can enable command injection or broaden execution beyond the stated blog-generation purpose.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to download PDFs from external sources and save them locally, but provides no requirement to inform the user or obtain consent for network access and persistent storage. This can cause unexpected data transfers, local disk writes, and retention of third-party content, which is risky in an agent setting because the behavior is autonomous and not clearly surfaced to the user.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill defines a workflow that saves collected web pages and generated outputs to disk in a persistent report directory, but does not warn the user that browsing results, scraped content, and final articles will be retained locally. In agent environments, silent persistence is dangerous because it can store sensitive prompts, copyrighted material, or browsing artifacts without the user's awareness.

VirusTotal

66/66 vendors flagged this skill as clean.