AI News Multi-Platform Publishing Assistant (AI新闻多平台发布助手)

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes an AI news content workflow, but it can automatically publish to live WeChat and Xiaohongshu accounts without clear mandatory review controls.

Install only if you intend to let this skill operate connected publishing accounts. Before use, require draft-only mode by default, preview the exact title, body, images, target accounts, and platforms, and approve each publish action explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 93% confidence
The README explicitly promotes fully automated posting to external platforms without clearly warning about the consequences of publishing actions, such as unintended public posting, policy violations, account misuse, or reputational damage. In this skill’s context, the workflow culminates in publishing to WeChat and Xiaohongshu, so the lack of an explicit confirmation/safety boundary increases the likelihood of harmful or accidental real-world actions.

Vague Triggers

Medium, 91% confidence
The trigger phrases include broad everyday expressions such as '生成今日内容' and '更新内容', which can cause the skill to activate in unintended contexts. Because this skill performs downstream external actions like content generation and publishing, accidental invocation can lead to unreviewed posting, unnecessary data collection, or misuse of connected platform credentials.

Missing User Warnings

Medium, 95% confidence
The skill advertises automatic publishing to WeChat and Xiaohongshu but does not present a clear user-facing warning about what content will be sent externally, under whose account it will be posted, or whether review is required. In a workflow that creates and distributes long-form content automatically, this omission increases the risk of accidental publication, reputational damage, leakage of sensitive inputs, and unauthorized use of linked accounts.

Missing User Warnings

Low, 87% confidence
The workflow explicitly collects third-party content from Twitter/X, Reddit, and YouTube comments but does not inform the user about external data retrieval, downstream processing, or possible compliance constraints. This is risky because the gathered content may include personal data, copyrighted material, or platform-restricted content that is then summarized, stored, or republished without adequate notice or controls.

Vague Triggers

Medium, 95% confidence
The trigger conditions are broad generic phrases such as '更新内容' and '生成今日内容', which can unintentionally match ordinary user requests and cause this workflow to activate in contexts where the user did not explicitly request multi-platform publishing. Because the workflow culminates in publishing to WeChat and Xiaohongshu, accidental invocation can lead to unintended content generation and external posting.

Missing User Warnings

Medium, 98% confidence
The workflow automatically publishes generated content to external platforms without any visible warning, consent checkpoint, or disclosure in the manifest. In this skill's context, the risk is elevated because upstream content is autonomously gathered, researched, generated, and then posted, creating a direct path from loosely triggered automation to real external actions under the user's account or brand.

VirusTotal

65/65 vendors flagged this skill as clean.
