Auto Contents

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent, but it should be reviewed because it can autonomously send agent-generated news and content through connected WeChat, Feishu, and optionally Xiaohongshu accounts.

Install only if you intentionally want an agent to operate the local MakeContents system and distribute content through your configured destinations. Confirm the exact WeChat and Feishu targets, keep Xiaohongshu publishing disabled unless needed, use least-privilege credentials, and periodically review or clear the agent-rules.md memory file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 89% confidence

Finding:
The skill description is broad enough to match many loosely related 'content' or 'news' tasks, which can cause the agent to invoke a highly privileged automation skill in situations where the user did not clearly request end-to-end fetching, posting, publishing, or notification actions. In this skill, overbroad invocation is more dangerous than usual because the skill can autonomously push content to WeChat/Feishu and publish to Xiaohongshu via local APIs, increasing the chance of unintended external actions.

Missing User Warnings

Medium, 93% confidence

Finding:
The API explicitly supports external side effects including writing to Feishu knowledge bases/bitables, sending bot notifications, and publishing content to Xiaohongshu, but the documentation does not define a consistent user-consent, disclosure, or approval boundary for these actions. In an autonomous agent context, this increases the risk of unintended external dissemination of generated or source-derived content, including sensitive, copyrighted, or reputationally risky material.

Missing User Warnings

Medium, 95% confidence

Finding:
The workflow instructs the agent to derive selection preferences from historical data and write them into permanent memory, but it provides no retention limits, content restrictions, or notice about persisting user/system-derived information. This can cause silent accumulation of behavioral profiles, internal preferences, or sensitive operational context that may later influence agent behavior or be exposed unintentionally.

VirusTotal

64/64 vendors flagged this skill as clean.
