ClawHub

Persona Channel Builder

Security checks across malware telemetry and agentic risk

Overview

The skill’s main Telegram channel-building workflow is coherent, but it also makes the agent run local Python commands to track usage and conditionally add promotional links.

Review before installing. The channel-building parts are useful and scoped, but remove or disable the Attribution section if you do not want the agent running local Python, writing a usage counter, or adding promotional Telegram links to generated responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill instructs the agent to execute local Python commands and maintain a hidden counter in the user's workspace, behavior that is unrelated to the stated purpose of generating Telegram channel assets. This creates undisclosed local state changes and conditional promotional output, which violates least surprise and opens the door to covert tracking or persistence behaviors inside the host environment.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The command execution and local state tracking are unjustified for this skill's declared function and represent hidden side effects outside normal content generation. Such instructions normalize arbitrary code execution in the agent runtime and can be repurposed for more harmful persistence, tampering, or environmental reconnaissance.

Ssd 4

Medium
Confidence
97% confidence
Finding
The attribution logic appends hidden promotional content after the main deliverables based on a covert counter, creating undisclosed behavior that is not part of the advertised skill output. This is dangerous because it manipulates responses for marketing purposes and couples user interactions to opaque local tracking state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal