Aws Wechat Article Writing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed writing helper that sends selected article content and references to a user-configured AI model, with no evidence of hidden or destructive behavior.

Install only if you are comfortable sending drafts, topic cards, writing rules, selected business reference documents, and WRITING_MODEL_API_KEY to the model endpoint you configure. Use a dedicated API key, choose a trusted provider or internal proxy, and avoid passing secrets, personal data, or confidential documents as references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explicitly states that full reference documents are injected into prompts and supports third-party or proxy OpenAI-compatible endpoints, but it does not warn users that local repository content may be transmitted to external model providers. In this skill context, that omission is meaningful because the referenced files may contain internal product, marketing, or business information, increasing the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script constructs prompts that include full topic cards, article drafts, optional image-analysis content, and full reference documents, then sends them to a third-party LLM API. There is no explicit consent gate, redaction step, or clear runtime warning that potentially sensitive repository content will leave the local environment, which creates a real confidentiality and privacy risk if users pass proprietary or personal data.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest grants filesystem, network, and shell permissions together, which is a highly privileged combination that can read local data, execute commands, and exfiltrate results. In a writing skill, third-party model access may justify network access, but shell access and broad local access are not clearly disclosed to users, increasing the risk of unexpected command execution or data exposure if the skill or its prompts are abused.

VirusTotal

63/63 vendors flagged this skill as clean.
