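Detects and optimizes AI-generated Xiaohongshu copy, removing mechanical and templated expressions and adding natural, colloquial, emotionally expressive phrasing so the content reads more naturally and with more warmth. Suited to cases where AI-generated copy already exists but should feel more authentic.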

Security checks across malware telemetry and agentic risk

Overview

This is a text-editing skill that reads or edits user-selected writing files and does not show the network, credential, or hardcoded-token behavior flagged by the advisory scan.

Install only if you want an agent to review and rewrite prose. Use edit mode only on files you are comfortable changing, and remember that humanizer-context.md in the project root may be read as optional voice guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documentation advertises 'no configuration needed' and instructs users to run a bundled script that can access environment variables, read files, and make network requests, yet the skill declares no permissions. That mismatch weakens trust boundaries and can lead users or orchestrators to approve execution without realizing the script can transmit local file content and auth material to a remote service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a real security issue because the documented purpose is narrow, but the underlying behavior reportedly includes a hardcoded bearer token, credential-based login, arbitrary base URL selection, and raw JSON output. In combination, those behaviors can enable secret misuse, SSRF-like outbound access or data exfiltration to attacker-controlled endpoints, and disclosure of backend responses beyond the intended transformed text.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script hardcodes a bearer token and automatically uses it whenever DASHBOARD_TOKEN is not set. Embedding live credentials in code is a real secret-management flaw because anyone with access to the skill can extract and reuse the token to access the backend API outside the intended workflow.

Missing User Warnings

High
Confidence
98% confidence
Finding
The embedded bearer token is not only present in code but is silently used without informing the operator, which can conceal that requests are being authenticated with someone else's credential. This increases the chance of unauthorized API use, attribution problems, and accidental reliance on a compromised shared secret.

VirusTotal

VirusTotal findings are pending for this skill version.
