ClawHub

social-content

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only social media planning skill with reasonable cautions around local marketing context and compliant social-platform research.

Use this for drafting and planning social posts. Keep posting, commenting, reposting, and DMs under explicit user approval, avoid storing secrets in .claude/product-marketing-context.md, and use official APIs, platform exports, permitted manual sampling, and privacy-conscious handling when analyzing third-party social posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is broad enough to match many ordinary mentions of social media, platform names, or related terms, which can cause the skill to activate when the user did not actually request social-content help. Over-broad invocation increases the chance of context hijacking, inappropriate routing, and unintended file/context access such as reading auxiliary marketing context files before the user clearly asked for this skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance explicitly encourages collecting 500-1000+ posts at scale using scraping and automation tools, but omits any caution about platform Terms of Service, consent, privacy obligations, rate limiting, or lawful data handling. In a social-content skill, this can normalize non-compliant data collection and lead users to harvest profile content and engagement data in ways that create legal, privacy, and account-enforcement risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal