research-web-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to publish reports online, but its broad automatic triggers and GitHub/CDN publishing steps could expose or change content without clear user approval.

Install only if you intend to use it for deliberate public publishing. Before running it, confirm the exact repository, branch, files, commit message, and whether the report contains anything private, proprietary, or not approved for public release.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: High
Confidence: 96%
Finding
The skill declares automatic activation on extremely common terms such as “研究” (research), “分析” (analysis), and “报告” (report), which are broad enough to match many unrelated user requests. In an agent setting, this can cause unintended invocation of a workflow that writes files and publishes content to GitHub/CDN, increasing the chance of unauthorized publication or surprising side effects.

Vague Triggers

Severity: High
Confidence: 97%
Finding
The mandatory auto-trigger section explicitly forces activation for a wide set of generic keywords and publishing-related phrases, making safe invocation ambiguous. Because the skill performs external publication steps, accidental triggering is more dangerous than for a read-only skill: it can lead to unintended deployment of content or repository modifications.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The description promotes publishing reports to GitHub and generating publicly accessible mirror links, but it does not clearly warn that this exposes content through a public repository/CDN. Users may unintentionally publish sensitive or proprietary research data if the agent treats the workflow as routine and automatic.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The workflow includes `git add`, `git commit`, and `git push` commands that modify a remote repository, but it does not require explicit user authorization immediately before those actions. In agent-driven environments, repository writes are security-sensitive: they can publish data, alter repository history, and have audit and supply-chain consequences for anyone who consumes the repository.
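One way to put the authorization step this finding asks for in front of `git push`, as an added example that is not part of the research-web-publisher skill or of SkillSpector: a POSIX shell gate that checks the push target against the repository and branch the operator named (the checklist from the overview), scans the files to be committed for markers of content not cleared for public release, and refuses to proceed unless the operator has explicitly approved this run. The environment variable names `PUBLISH_REPO`, `PUBLISH_BRANCH` and `PUBLISH_APPROVED`, the function names, and the marker patterns are assumptions chosen for illustration, not anything the skill defines.

```shell
#!/bin/sh
# Added example, not code from the research-web-publisher skill: a pre-publish
# gate an agent workflow must pass before `git push`. The names PUBLISH_REPO,
# PUBLISH_BRANCH, PUBLISH_APPROVED and gate_publish are assumptions for
# illustration, not part of the skill.

# Markers that indicate content not cleared for a public repository:
# classification words, PEM private keys, and two well-known token shapes.
SENSITIVE_RE='CONFIDENTIAL|INTERNAL ONLY|DO NOT DISTRIBUTE|-----BEGIN [A-Z ]*PRIVATE KEY-----|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}'

# check_remote ACTUAL EXPECTED: succeed only if the push target is exactly the
# repository the operator named (no fork, no typo remote, no empty expectation).
check_remote() {
  [ -n "$2" ] && [ "$1" = "$2" ]
}

# check_branch ACTUAL EXPECTED: same rule for the branch.
check_branch() {
  [ -n "$2" ] && [ "$1" = "$2" ]
}

# scan_file FILE: succeed if FILE contains no sensitive marker.
scan_file() {
  if grep -E -q -i "$SENSITIVE_RE" "$1"; then
    printf 'blocked: %s contains a sensitive marker\n' "$1" >&2
    return 1
  fi
  return 0
}

# gate_publish REMOTE BRANCH FILE...: every check must pass, and the operator
# must have approved this specific run (PUBLISH_APPROVED=yes) after seeing the
# remote, branch and file list. Prints the reason for refusal on stderr.
gate_publish() {
  remote="$1"; branch="$2"; shift 2
  check_remote "$remote" "$PUBLISH_REPO" || { echo "blocked: remote $remote is not $PUBLISH_REPO" >&2; return 1; }
  check_branch "$branch" "$PUBLISH_BRANCH" || { echo "blocked: branch $branch is not $PUBLISH_BRANCH" >&2; return 1; }
  [ "$#" -gt 0 ] || { echo "blocked: no files listed for publication" >&2; return 1; }
  for f in "$@"; do
    [ -f "$f" ] || { echo "blocked: $f is not a regular file" >&2; return 1; }
    scan_file "$f" || return 1
  done
  [ "$PUBLISH_APPROVED" = "yes" ] || {
    printf 'blocked: set PUBLISH_APPROVED=yes to publish %s to %s (%s)\n' "$*" "$remote" "$branch" >&2
    return 1
  }
  return 0
}

# Usage in the skill's workflow, replacing an unconditional push. The git calls
# are kept in this comment so the file itself runs without a repository:
#   PUBLISH_REPO=git@github.com:org/reports.git PUBLISH_BRANCH=main PUBLISH_APPROVED=yes \
#     sh -c '. ./gate.sh && gate_publish "$(git remote get-url origin)" \
#       "$(git rev-parse --abbrev-ref HEAD)" $(git diff --cached --name-only) \
#       && git push origin main'
```

In a real workflow the agent would substitute the output of `git remote get-url origin`, `git rev-parse --abbrev-ref HEAD` and `git diff --cached --name-only` for the arguments, and the approval variable would be set by the human, not by the agent, immediately before the push; the marker list is a starting point, not a substitute for reviewing the report itself.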

VirusTotal

65 of 65 vendors reported this skill as clean (no detections). Note that an antivirus verdict covers malicious binaries and known signatures only; it says nothing about the trigger-scoping and publishing-authorization findings above, which concern how the skill behaves when an agent runs it.
