ClawHub

公众号爆款封面生成

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses a RedFox API key and user-provided cover keywords to fetch WeChat cover trend data and generate a local analysis report.

Install only if you are comfortable using RedFoxHub for this workflow. Treat REDFOX_API_KEY as a real credential, avoid using sensitive internal campaign terms as keywords unless they can be shared with redfox.hk, keep debug mode off outside troubleshooting, and delete generated HTML or JSON reports if they contain private planning data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README says users can invoke the skill with unrestricted natural language and '无需记忆固定命令', without clearly scoping when the skill should activate. In an agent environment, broad trigger conditions increase the chance of accidental or adversarial invocation, causing the skill to process unrelated user content, uploaded images, or sensitive context when not intended.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document advertises writing results to a local output file and enabling `--debug` to print raw API responses, but it provides no warning about sensitive or environment-specific data exposure. In agent or shared workstation contexts, raw responses and generated HTML/JSON files can leak scraped content, account identifiers, query terms, or backend response details into logs, terminals, or persistent storage where other users or tools may access them.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script transmits user-provided keywords and a bearer-style API credential to an external third-party service, but normal execution does not prominently inform the user that their query content will leave the local environment. In a skill context, users may assume a local formatting or analysis tool, so silent network transmission can cause unintended disclosure of potentially sensitive business topics, article plans, or internal campaign keywords.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal