Download stills/posters for movies, TV series, and variety shows

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it can automatically run an unpinned npm install during normal use and has confusing privacy/session documentation.

Install only if you are comfortable with a Node/Playwright web scraper that downloads public Douban images and may perform an npm install if Playwright is missing. Prefer installing dependencies through the platform setup path first, run it in a low-privilege environment, keep download limits small, and do not use real browser sessions or logged-in profiles with it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
71% confidence
Finding
The skill metadata claims a narrow purpose and privacy posture, but the documented/runtime behavior appears broader: it may install Playwright automatically and potentially support additional scraping targets beyond the stated scope. Description-behavior mismatches are risky because users and orchestrators may grant trust or invoke the skill under false assumptions, increasing the chance of unexpected dependency installation or unintended scraping activity.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The document says the tool does not connect to existing browser sessions for privacy, yet the sample output indicates it attempts to connect to an existing Chrome instance before launching a new browser. Reusing an existing browser session can expose cookies, authenticated state, browsing context, or private data to the tool, which is a significant privacy and session-integrity risk.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script automatically executes `npm install playwright` at runtime without user confirmation, which causes code from the npm ecosystem to be fetched and executed on the host. That creates a real supply-chain and arbitrary code execution risk, especially because npm packages may run install scripts and because the behavior is not necessary to safely perform the advertised task when dependency installation can be handled ahead of time.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Automatically installing and executing an npm package during normal script operation is unsafe because it performs an unannounced environmental modification and may execute package lifecycle scripts. In a skill context, this is more dangerous because the action is hidden behind ordinary usage of a photo downloader, so users may not expect dependency installation or the associated code execution risk.

VirusTotal

64/64 vendors flagged this skill as clean.
