ClawHub

Apifox Exporter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it automates a logged-in Apifox account and exports API data with broad triggers and weak scoping, so it should be reviewed before installation.

Install only if you are comfortable letting it reuse an Apifox browser session and export project API definitions. Before running it, change the hardcoded/default team and project values, use explicit Apifox-specific commands, verify the browser is on the intended project, avoid the fallback mode unless the intended export is the newest JSON in Downloads, update/pin Playwright, and delete the saved browser profile, raw source JSON, debug screenshots, and Desktop export when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase shown in the README is extremely broad and maps to a common user request rather than a narrowly scoped skill invocation. In an agent environment, this increases the chance the skill activates unintentionally for ordinary documentation-update requests, causing unexpected browser automation or external actions without clear user intent.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill defines very broad trigger phrases such as “更新接口文档”, “导出接口”, and “刷新 Apifox 接口”, which are close to normal user language and could be invoked unintentionally in routine conversation. Because this skill performs browser automation, uses saved login state, accesses a cloud service, and exports potentially sensitive API data, accidental triggering could cause unintended authentication reuse and data export.

Vague Triggers

Low
Confidence
79% confidence
Finding
The statement that the skill supports “多种自然语言口令格式” does not define clear matching boundaries, making it harder to reason about what user input will activate automation. In this context, ambiguity increases the chance of unintended execution, especially since the skill can log into Apifox, traverse teams/projects, and export documentation automatically.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script automatically saves exported API data to a predictable local path without requiring explicit user confirmation at the point of write. In this skill context, the downloaded file may contain sensitive internal API specifications, so silent persistence to disk increases the risk of unintended local data exposure, retention, or later access by other local users/processes.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script invokes a secondary Node.js script via a child process to post-process the exported API data, but does so implicitly and without integrity checks or user confirmation. In this context, executing a local script from a workspace directory can be dangerous because a modified or replaced export.js would run with the user's privileges and access the exported sensitive data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script automatically scans the user's Downloads folder, selects the most recent JSON file, and copies it into the workspace without validating that it is actually the intended Apifox export. This can unintentionally ingest unrelated sensitive local data and duplicate it into another location, creating privacy and data-handling risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger "更新接口文档" is broad enough to match normal developer requests about documentation updates, yet it launches a browser-automation script that exports API data. In this skill context, accidental activation could cause unintended access to Apifox, export potentially sensitive interface definitions, and write artifacts to local workspace paths without the user explicitly requesting that workflow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger "导出接口" is highly generic and can easily collide with routine requests to export interfaces or API descriptions in other tools. Because it directly executes the automation script, a benign user utterance could invoke a privileged export workflow and expose internal API specifications or overwrite expected output files.

Vague Triggers

Low
Confidence
82% confidence
Finding
The phrase "刷新 Apifox 接口" is less generic than the other triggers but still lacks clear indication that it performs an export operation and local file writes. In context, this could surprise users who intended a harmless refresh action, especially since the skill automates browser behavior against a default team/project and produces artifacts on disk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"install-playwright": "npx playwright install chromium"
  },
  "dependencies": {
    "playwright": "^1.40.0"
  },
  "keywords": [
    "apifox",
Confidence
90% confidence
Finding
"playwright": "^1.40.0"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory(ies): CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

High
Category
Supply Chain
Confidence
98% confidence
Finding
playwright==1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal