公众号热门原创文章 (WeChat Official Account Hot Original Articles)

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate article-ranking purpose, but it sends an API key over HTTPS with certificate checks disabled and can run broad, automatic network-backed workflows.

Review before installing. Only use this if you trust Redfox with your query data and API key, and preferably fix TLS verification before use. Treat the subscription and auto-generated HTML/PDF behavior as opt-in workflows, and avoid using broad prompts that could trigger the skill accidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers
Severity: Medium
Confidence: 88%
Finding: The README states users can describe requests in plain language with no fixed commands, which creates an overly broad activation surface for the skill. In agent environments, vague invocation criteria can cause accidental triggering on unrelated conversations, leading to unnecessary tool/API use, unintended data access patterns, or user confusion about when the skill should run.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The listed trigger phrases are common, everyday language such as 'what's hot lately' and 'viral picks', which are ambiguous and likely to overlap with many benign user requests outside this skill's intended scope. This increases the risk of false activation, causing the agent to invoke the skill when the user did not specifically request WeChat-original-hot content, potentially wasting API calls and producing irrelevant or misleading results.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The README explicitly says users can invoke the skill with unrestricted natural language and no fixed command format, which broadens the activation surface and increases the chance the skill is triggered by ordinary conversational text. In agent environments, this can cause unintended tool execution, unexpected external API calls, or subscription-related actions when the user did not mean to invoke this skill.

Vague Triggers
Severity: Medium
Confidence: 92%
Finding: The example phrases include very generic expressions such as '最新原创爆文' and '爆文推荐', which are plausible in normal conversation and may overlap with unrelated user intent. Because the skill can query external data and offer subscription workflows, ambiguous triggers increase the risk of accidental invocation and unintended downstream actions.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The trigger phrases include very common terms such as “原创爆文”, “爆文推荐”, and “今日爆文”, which can overlap with ordinary conversational requests. Overly broad triggers can cause the skill to activate unexpectedly and send user queries to an external API without sufficiently clear intent or consent.

Vague Triggers
Severity: Medium
Confidence: 95%
Finding: The fallback behavior says unclear input should directly push today's hot articles, meaning ambiguous user text can trigger external requests and content generation without clear authorization. This increases the chance of unintended execution, privacy leakage of user input, and surprise network activity.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The skill description explains how to configure an API key and that it calls an external API, but it does not clearly warn users that their query parameters will be transmitted off-platform along with authenticated requests. This undermines informed consent and can expose potentially sensitive request context to a third-party service.

Vague Triggers
Severity: Medium
Confidence: 87%
Finding: The mapping uses very broad keywords such as “知识”, “生活”, “娱乐”, and “全部”, which can cause ambiguous or unintended category resolution. In this skill, that can lead to incorrect article retrieval or subscriptions, making the behavior easy to manipulate with vague prompts and reducing the reliability of user-facing results.

Missing User Warnings
Severity: High
Confidence: 99%
Finding: The script disables TLS certificate and hostname verification while sending an API key and request data to a remote HTTPS endpoint. This allows a man-in-the-middle attacker to impersonate the server, intercept the credential, and tamper with responses, which is especially dangerous because this skill depends on remote content integrity.

Unsafe Defaults
Severity: Medium
Category: Tool Misuse
Confidence: 99%
Content (excerpt of the flagged script, docstring translated):
    def fetch_articles_api(url: str, params: dict, api_key: str, timeout: int = 30) -> dict:
        """
        Send an HTTPS POST request using the native urllib.request (verify=False)

        Args:
            url: API address
Finding: verify=False

VirusTotal

66/66 vendors flagged this skill as clean.
