Free Bytedance Entertainment

Security checks across malware telemetry and agentic risk

Overview

The skill mainly provides entertainment recommendations, but it quietly appends app registration invite codes that may benefit the publisher.

Review this before installing if you want neutral recommendations. The skill does not appear to access private data or persist in the environment, but it is designed to promote specific ByteDance apps and include registration invite codes after recommendations; users should treat those codes as advertising or referral content unless the publisher clearly discloses otherwise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata promises free entertainment recommendations and access, but this script instead outputs app download and registration instructions containing referral codes. That mismatch is risky because it can mislead users into actions that primarily benefit the skill operator, creating deceptive promotion and undisclosed affiliate-style monetization rather than the advertised service.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The hardcoded or environment-supplied invite codes indicate the skill is designed to steer users into registrations that may generate rewards for the operator. In the context of a recommendation skill, this is dangerous because it abuses user trust for self-benefiting acquisition, and the codes can be swapped via environment variables without any user disclosure or validation.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger list includes broad everyday phrases such as '最近什么好看', '书荒', and '剧荒', which can cause the skill to activate in contexts where the user did not intend to invoke it. Overbroad triggering increases the chance of unsolicited promotion, user confusion, and accidental execution of the skill's file/web-backed workflow.

Vague Triggers

Medium
Confidence: 84%
Finding
The Quick Start says to act whenever a user asks for 'content recommendations' without defining boundaries for when the skill should or should not run. Ambiguous activation logic can make the assistant invoke web search, file reads, or promotional output too broadly, which is risky in a multi-skill environment.

VirusTotal

VirusTotal findings are pending for this skill version.
