Calling MCP through Zhipu requires enabling a coding plan

Security checks across malware telemetry and agentic risk

Overview

This Zhipu AI skill is mostly purpose-aligned, but it needs review because it automatically reads a saved API key and sends user-selected content to remote Zhipu/BigModel services through npm/MCP tooling.

Install only if you trust Zhipu/BigModel and the npm packages invoked by npx with your Zhipu API key. Use a limited key if possible, expect account or quota usage, avoid sending confidential screenshots, videos, URLs, prompts, or private repository data, and review download paths before running the example scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
This wrapper reads a long-lived API credential from a local auth store and automatically exposes it to a child process via an environment variable. That creates a credential-propagation path outside the skill's declared image/search/video functionality, increasing the risk of accidental leakage, misuse by downstream tooling, or abuse if the invoked package/config is modified or compromised.

Vague Triggers

Medium
Confidence: 84%
Finding
The read_when section contains a very broad list of generic terms such as OCR, screenshots, search, web reading, GitHub, image generation, and video generation, making the skill likely to activate for many unrelated user requests. Over-broad triggering increases the chance the agent invokes tools that upload local files or access external content without the user intending to use this specific third-party service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation encourages sending local screenshots, videos, webpage contents, and repository files to remote services but does not provide explicit user-facing warnings that these materials leave the local environment. This is dangerous because users may unknowingly transmit sensitive source code, credentials in screenshots, private documents, or proprietary repository contents to a third-party API.

VirusTotal

66/66 vendors flagged this skill as clean.
