Webinar Repurpose Studio

Security checks across malware telemetry and agentic risk

Overview

This is a local webinar-content drafting skill; its packaged workflow is disclosed and scoped, though the script contains unused audit helper code that users should be aware of.

Install only if you are comfortable with a local Python script processing files you choose. Keep unpublished or personal material out unless necessary, use explicit input and output paths, review drafts before sending or publishing, and do not modify the bundled spec to audit arbitrary directories unless that is intentionally what you want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises no declared permissions, yet its instructions explicitly allow local file access and shell execution via `python3`, which creates hidden capability beyond what a reviewer or runtime policy might expect. This is dangerous because users may invoke a seemingly harmless content-repurposing skill that can read local resources, write outputs, and execute code, expanding attack surface and weakening least-privilege controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The reported behavior mismatch is a serious red flag: a skill presented as webinar-content repurposing allegedly performs broad filesystem inspection, content analysis, risk-pattern scanning, and project auditing unrelated to its stated purpose. Such hidden multipurpose scanning behavior can be used to enumerate sensitive files, inspect local project contents, or perform recon under benign-looking cover, making the context more dangerous because users would not expect security-audit behavior from this skill.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script’s core dispatch logic supports generic auditing modes such as directory, CSV, pattern, and skill-package inspection rather than webinar repurposing. That mismatch is dangerous because a user invoking this skill could be induced to scan arbitrary local files and directories, expanding data access far beyond the stated purpose and increasing the chance of unintended exposure of sensitive content.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This code scans arbitrary files for secrets, internal URLs, and risky shell snippets, functionality that is unrelated to webinar content transformation. In the context of a content-repurposing skill, this creates an unjustified capability to inspect potentially sensitive local material and surface snippets from it, which could leak confidential data or normalize overbroad file access.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The directory-audit functionality enumerates arbitrary files, reads Markdown content, and summarizes filesystem structure even though the skill is supposed to repurpose webinar materials. This broad filesystem inspection is out of scope and can expose filenames, headings, and project structure from unrelated directories, making the skill more dangerous than its description suggests.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples are broad, generic phrases that can overlap with ordinary user requests, which increases the chance the skill is invoked outside its intended boundary. In a content-generation workflow, ambiguous activation can cause the agent to apply this skill to unsuitable inputs, leading to unintended processing of sensitive webinar materials or mis-scoped content transformation.

VirusTotal

66/66 vendors flagged this skill as clean.
