AI全链路内容创作工厂

Security checks across malware telemetry and agentic risk

Overview

The skill is clearly a content-production workflow, but it can publish through a user's authenticated Xiaohongshu session, and the confirmation and scoping behaviour around that publish step is not consistently documented.

Review before installing. Use it only if you intend to connect content generation to external services and possible public posting. Require a preview and explicit confirmation before every publish action, verify which account is active, and avoid providing sensitive drafts, private media, or session cookies unless you trust the publishing tool and understand how credentials are handled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README describes automatic rewriting and publishing to Xiaohongshu using an authenticated cookie session, but it does not clearly warn users about account-impact, privacy exposure, or the consequences of posting under their identity. In a skill that chains content generation directly into publication, omission of explicit confirmation and risk disclosure increases the chance of accidental or unauthorized posts, leakage of sensitive content, or platform-account sanctions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 68%
Finding
The README describes an English-hotspot-to-Chinese-output workflow for cross-border creators without indicating that the output language should be selected by the user. While not as severe as direct account misuse, hardwiring the language transformation can cause unintended disclosure, misrepresentation, or publication in the wrong language or context, especially in automated cross-platform workflows.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger phrases are broad, generic content-creation terms such as 写文章 and 创作内容, which can cause the skill to activate for ordinary writing requests where the user did not intend to invoke a multi-step workflow. In this skill, accidental activation is more dangerous because it can cascade into external search, content generation, image creation, and possible publishing across multiple services.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill orchestrates several external tools, including web search, image generation, rendering, and a publishing service, but the description does not prominently warn that user prompts, generated content, and possibly metadata may be shared across multiple third-party services. This is especially risky here because the workflow explicitly culminates in external publication, creating privacy, consent, and unintended disclosure risks if users assume the task is local or draft-only.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger phrases are broad, generic requests like '写文章' and '帮我写文章', which can cause the skill to activate for ordinary user intents that do not imply consent to this full workflow. In this skill context, overbroad activation is more dangerous because the workflow chains content generation with downstream publication behavior, increasing the chance of unintended execution and data exposure.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The workflow includes an external publishing step to Xiaohongshu (小红书) but does not present any explicit user-facing warning, consent checkpoint, or disclosure that content and possibly account-linked data will be sent to a third-party platform. In a content-production skill this is especially risky because users may expect drafting assistance rather than automatic posting, which can lead to accidental publication, privacy leakage, reputational harm, or unauthorized use of connected accounts.

VirusTotal

65/65 vendors flagged this skill as clean.