内容裂变工厂

Security checks across malware telemetry and agentic risk

Overview

This skill automates trend collection, article/card generation, and Feishu archiving as advertised, with no evidence of hidden or destructive behavior.

Install only if you are comfortable with trend data, generated article text, and card links being sent to the configured Feishu workspace. Use draft mode for review, restrict the Feishu bot to the intended folder, verify dependent skill permissions, and avoid scheduled runs until the sources and archive destination are correct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium, 96% confidence
The skill states that Feishu documents are private by default, but the actual workflow sets `grant_to_requester: true`, which actively shares access with the requester. This mismatch can mislead users about who can read generated content and may expose internal drafts, analysis, or scraped material to unintended parties.

Missing User Warnings

Medium, 91% confidence
The README describes a workflow that fetches third-party platform content, generates derivative content, and uploads results to Feishu, but it does not clearly disclose what data is transmitted to each external service, what permissions are used, or whether created documents are private or team-shared by default. In a content automation skill that interacts with external platforms and archives outputs, this omission can lead to unintended disclosure of scraped data, generated content, account metadata, or broadly accessible documents.

Vague Triggers

Medium, 89% confidence
The trigger phrases include broad, natural-language expressions such as '生成今日内容选题' and '热点文章一键搞定', which may be matched during ordinary conversation rather than deliberate invocation. That raises the risk of unintended execution of a workflow that performs external data collection and document publication actions.

Missing User Warnings

Medium, 91% confidence
The skill is positioned as an end-to-end automation chain that fetches trending content and then publishes or archives results to Feishu, but the user-facing description does not prominently warn that external services will be queried and content may be persisted remotely. Insufficient disclosure reduces informed consent and increases the chance users trigger actions with privacy, compliance, or operational consequences they did not expect.

Missing User Warnings

Medium, 95% confidence
The workflow can automatically create and store generated content in Feishu when `draft=false`, but the manifest does not prominently disclose this outbound publication behavior to users. This can lead to unintended data propagation, accidental disclosure of sensitive inputs or generated content, and persistence of material in a third-party workspace.

VirusTotal

63/63 vendors flagged this skill as clean.
