ClawHub

Danke Blog Writer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed personal blog-writing helper with optional Halo publishing, but users should review drafts carefully before posting.

Install this only if you want this specific personal Chinese blog workflow. Review generated posts for accurate authorship, personal-experience claims, and tone before publishing, and confirm that the separate halo-blog skill has only the blog access you intend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is advertised as a dedicated blog-writing assistant for 晨玙(老板), but the referenced style guide is explicitly for Tom Panos and encodes his voice, beliefs, phrases, and writing patterns. This creates a clear persona-integrity and content provenance issue: the agent may generate text that impersonates or misattributes another person's style, causing brand confusion, misleading outputs, and potential reputational harm in a publishing workflow.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad, natural-language requests such as '帮我写篇关于 xxx 的博客' and '把这篇发布到博客', which increases the chance the skill is invoked unintentionally during ordinary conversation. Because this skill includes a publishing capability to a live external blog, accidental invocation could lead not just to draft generation but to unintended external actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README advertises one-click publishing to a live blog endpoint without any warning, confirmation requirement, or mention of safeguards around external side effects. In context, this is more dangerous because the same skill also accepts casual everyday prompts, so a user could trigger content publication to a production blog without understanding that an external system will be modified.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal