ClawHub

Insta Content Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed social-content tool, but it gives an agent live posting authority and credentialed account access without enough safeguards.

Install only if you are comfortable giving the agent access to real social accounts, API keys, and public posting authority. Review every caption, media file, destination account, and action before running publish commands; avoid passing Instagram passwords on the command line; and do not feed untrusted search text into the shell-based helpers until command construction is hardened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script invokes shell commands via execSync and interpolates user-controlled query data into command strings. Although double quotes in the X query are escaped, shell metacharacters such as command substitution remain dangerous inside double quotes, and the Instagram path passes the query without robust escaping, creating command-injection risk if an attacker can control input.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill includes commands that publish directly to live X/Twitter and Instagram accounts, but it provides no explicit warning, confirmation step, or safe/dry-run guidance. In an agent setting, this increases the risk of unintended public posting, reputational damage, spam, or misuse of authenticated accounts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs a live Instagram post immediately once invoked, without any confirmation gate, dry-run mode, or explicit warning before the irreversible network action. In an agent or automation context, this can cause unintended publication of content, reputational harm, and accidental posting to production social accounts from malformed prompts or operator mistakes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal