Multi-Platform Private Message Merge Assistant (多平台私信合并助手)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: merge user-provided private message exports and optionally fetch DingTalk messages, but the resulting files and credentials need careful handling.

Install only if you intend to process private inbox or customer-message data. Use selected exports, keep generated reports in a private directory, delete them when no longer needed, and use a least-privilege DingTalk app with the message API URL set only to a trusted HTTPS endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill instructs use of environment variables, network access to a DingTalk API, and reading/writing local files, yet it declares no explicit permissions or capability boundaries. This can cause the agent to perform sensitive actions without transparent user consent or proper sandbox policy enforcement, especially because the workflow includes importing message exports and generating output reports from potentially sensitive communications.

Vague Triggers

Medium
Confidence: 82%
Finding: The trigger phrases are broad enough to match generic requests like '统一收件箱' ("unified inbox"), '客户消息汇总' ("customer message summary"), or '读取钉钉消息' ("read DingTalk messages"), which could invoke the skill in contexts the user did not intend. Because this skill processes multi-platform private messages and may fetch DingTalk data, accidental invocation can expose or aggregate sensitive communications beyond the user's immediate intent.

Missing User Warnings

Medium
Confidence: 88%
Finding: The documentation instructs users to supply DingTalk client credentials and pull enterprise message data, but it provides no warning about secure secret handling, least-privilege configuration, output protection, or the sensitivity of retrieved communications. In the context of a message aggregation skill that centralizes private inbox content, this omission increases the chance of credential leakage or inappropriate collection/storage of sensitive business and personal messages.

VirusTotal

66/66 vendors flagged this skill as clean.
