ClawHub

Mia Content Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local content-template generator with local history logging, though its documentation overstates posting and monetization features.

Install only if you want a local draft/content-template helper. Do not expect it to actually post to Moltbook or Twitter/X or track real revenue unless additional reviewed code is added. Run it in a directory where creating content-log.json is acceptable, and delete that file if you do not want generated post history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is very broad and does not clearly constrain when the agent should invoke it. In agent ecosystems, vague descriptions can cause accidental selection in unrelated contexts, which may lead to unintended content generation, scheduling, or monetization-related actions without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage section shows commands but does not define scope limits, required permissions, or guardrails for when these actions should be executed. This increases the chance that an orchestrating agent may invoke the skill too readily, especially for actions that could publish content or automate account activity across external platforms.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The package description, "AI agent content creation and monetization," is broad and underspecified, so an orchestrator or user may invoke this skill in contexts far beyond its intended scope. In agent ecosystems, vague descriptions increase the chance of inappropriate delegation into sensitive content-generation, platform automation, or monetization workflows, which can amplify unsafe behavior or policy violations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automated posting, scheduling, and cross-platform publishing but does not disclose account-level risks such as unintended publication, spam-like behavior, policy violations, or misuse of connected credentials. Because it targets social platforms and monetization workflows, users may authorize actions that affect public-facing accounts without understanding the operational and compliance risks.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal