ClawHub

抖音每日最具影响力账号

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: fetch Douyin ranking data and generate reports, with some report-opening and HTML safety caveats.

Install only if you are comfortable with the skill contacting the documented ranking API, writing JSON/HTML reports in the workspace, delivering those reports as attachments, and creating recurring pushes only when you explicitly subscribe. Open generated HTML reports with normal caution because they include external data and load a CDN script for image export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if system == "Darwin":  # macOS
            subprocess.run(["open", str(abs_path)], check=True)
        elif system == "Windows":
            subprocess.run(["start", "", str(abs_path)], shell=True, check=True)
        else:  # Linux
            subprocess.run(["xdg-open", str(abs_path)], check=True)
        print(f"\n✓ HTML 报告已自动打开: {abs_path}", file=sys.stderr)
Confidence
96% confidence
Finding
subprocess.run(["start", "", str(abs_path)], shell=True, check=True)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Automatically launching the generated report is functionality beyond the minimum needed to create a file, and it causes immediate rendering of untrusted, data-driven HTML in the user's browser or associated application. In this skill, the report content includes unsanitized fields inserted into HTML, so auto-opening makes any embedded malicious markup or script more likely to execute without an additional user decision.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The generated local report loads `html2canvas` from a third-party CDN, which introduces a supply-chain and privacy risk because opening the report now depends on remote code execution in the browser. For a report generator whose purpose is local HTML output, this external dependency is unnecessary and increases exposure to compromised CDN content or unexpected outbound network access.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases include broad, generic ranking/report terms such as 'TOP50', '排行榜', '最新推荐', and '下载报告', which can cause the skill to activate for loosely related user requests outside the intended Douyin-ranking context. Over-broad triggering is risky because it may route unrelated conversations into a skill that performs code execution and file generation, expanding the attack surface and creating opportunities for prompt confusion or unintended actions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal