OPC 评论线索雷达 (OPC Comment Lead Radar)

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for social-media lead discovery, but it can persistently add an executable MCP connector to the user's agent setup without a clear consent gate.

Install only if you are comfortable letting this skill add and use the ppxc-leads MCP connector, operate through your Douyin/Xiaohongshu/Kuaishou login when needed, and save lead data and feedback to OPC. Before allowing setup, ask the agent to show the exact MCP config change and wait for your confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 94% confidence

Finding
The skill directs the agent to inspect the host environment, edit local MCP configuration files, and run connector-install commands. That exceeds the stated lead-analysis purpose and creates a real capability-expansion risk: a user invoking a marketing skill could unintentionally authorize local system changes or connector installation without clear, bounded consent.

Vague Triggers

Medium, 83% confidence

Finding
The trigger phrases are broad enough to match common requests like '找客户' (find customers) or '获客' (acquire customers), which increases the chance this skill activates in contexts where the user did not intend comment scraping or MCP-dependent actions. Because the skill also contains setup and login flows, overbroad activation can unexpectedly steer the agent into sensitive actions or data-collection behavior.

Missing User Warnings

Medium, 96% confidence

Finding
The skill instructs file-modifying actions against local MCP config files, including exact paths and merge behavior, but does not require an explicit user-facing warning or consent gate before editing those files. This is dangerous because local configuration changes can persist, alter future agent capabilities, and affect trust boundaries on the host system.

VirusTotal

VirusTotal findings are pending for this skill version.