WeChat Official Account Trending Article Search

Security checks across malware telemetry and agentic risk

Overview

The skill appears related to article trend/search work, but its documentation reportedly includes a live-looking API key and recurring push-tracking behavior that need review before installation.

Install only after the publisher removes and rotates the exposed API key, replaces it with a placeholder, and documents how credentials are supplied securely. Also verify whether daily push/subscription behavior is actually implemented; if so, require explicit opt-in, visible schedules, rate limits, and easy cancellation before use. Avoid debug mode with real or sensitive API responses unless output is redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The README advertises a subscription and push-notification feature that goes beyond the declared search-focused purpose of the skill. Capability drift like this can mislead users and reviewers about what the skill does, and if implemented, could enable unsolicited outbound messaging or persistent task creation without clear consent and governance.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
Documenting creation of a scheduled daily push task expands the operational scope from passive search to ongoing automated actions. That increases risk because recurring tasks can continue after the initial interaction, potentially causing spam, privacy issues, or unauthorized notifications if not tightly controlled.

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The usage scenario describes automatic daily tracking and push delivery, which is broader than the stated article-search and inspiration use case. This mismatch can hide persistence and notification behavior from platform governance and user expectations, making abuse or accidental overreach more likely.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The documentation embeds what appears to be a real external API credential in a markdown spec file, even though the file’s purpose is only to describe data formats. Exposed credentials can be copied and abused by anyone with access to the repository or generated skill package, leading to unauthorized API use, quota exhaustion, billing exposure, or downstream data access.

Missing User Warnings

Medium
Confidence: 76%
Finding
Documenting a `--debug` mode that prints raw API responses without any warning increases the chance that sensitive returned content, identifiers, or operational metadata will be written to terminals, logs, or shared artifacts. In this skill context, API responses may contain article metadata and possibly provider-side fields not intended for wider disclosure, so debug output can expand accidental data exposure.

Missing User Warnings

High
Confidence: 99%
Finding
The request-header example includes a live-looking API key and gives no indication that it is sensitive secret material. This makes accidental reuse and propagation more likely, and in a searchable documentation file the exposure is especially dangerous because consumers may treat the credential as intended for direct use.

VirusTotal

65/65 vendors flagged this skill as clean.