Parse Dedao

Security checks across malware telemetry and agentic risk

Overview

This Dedao note parser is not clearly malicious, but it needs review because it can browse arbitrary URLs and write scraped content/images to an under-disclosed fixed local folder.

Install only if you are comfortable reviewing and editing the scripts first. Restrict accepted URLs to trusted Dedao links, change the output directory to a user-approved workspace path, add overwrite protection and image size/count limits, and avoid running Chromium with sandboxing disabled on a normal desktop environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill is presented as a Dedao-specific parser, but its documented behavior exposes a much broader capability set: parsing arbitrary webpages, writing extracted content to a fixed local path, and fetching image binaries via browser navigation. This expands the trust boundary significantly and can enable unintended local file writes, processing of untrusted remote content, and misuse as a general-purpose web retriever without clear user consent or domain restrictions.

Missing User Warnings

Medium
Confidence: 87%
Finding
The image download loop fetches every discovered remote image URL and stores the full response body in memory without enforcing a maximum count, total size, or strict domain allowlist. A malicious or unexpected page could reference many large images or non-Dedao hosts, causing memory exhaustion, bandwidth abuse, or unintended server-side requests to attacker-controlled infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.
