ClawHub

rednote-ranking-data

Security checks across malware telemetry and agentic risk

Overview

This ranking skill largely matches its stated purpose, but it needs review because it stores contact details, can send recurring reports through external services, and fetches data using unsafe HTTPS settings.

Review before installing. Only enable subscriptions if you are comfortable storing contact details locally and sending report content through configured email or WeChat services. Use limited delivery credentials, avoid sensitive output locations such as synced Desktops, and treat fetched ranking data as potentially tamperable because the HTTPS connection is not normally verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script silently creates a second copy of the exported data on the user's Desktop after generating the requested Excel file. This expands data exposure beyond the user-specified destination, can leak potentially sensitive ranking/account data into a more visible location, and violates least-surprise and least-privilege expectations for an export utility.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script performs an undocumented side effect by copying the generated image to the user's Desktop after creation. While the copied file is the same output the user requested, writing into an additional user-facing location without explicit consent can violate least surprise, overwrite existing files with the same name, and leak generated content into a more exposed location.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes automatic subscriptions and push delivery but does not clearly warn that data will be sent on an ongoing basis to external delivery channels. This can expose user data, ranking requests, or generated content to third-party messaging systems without sufficiently informed consent, especially when recurring transmission continues after initial setup.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation states that generated images are automatically copied to the desktop without prominently warning users about this file-write side effect. Unexpected writes to a visible or synced desktop location can leak sensitive business data or create privacy issues if the machine is shared or backed up to cloud storage.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The Excel export flow writes files to the desktop but does not clearly present that behavior as a potentially sensitive local write operation. Exported ranking data may contain business intelligence or user-selected analysis results, and saving to a common desktop path can unintentionally disclose that information.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script persists sensitive contact data such as email addresses and WeChat IDs directly into a JSON file on disk without any protection, minimization, or user notice. In a local CLI utility this can expose personal data to other local users, backups, logs, or accidental repository commits, creating a privacy and compliance risk even though it is not an active remote code execution flaw.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal