Content Repurposer

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it appears to output canned demo posts instead of actually transforming the user's content.

Treat this as a Review item, not confirmed malware. Before installing, understand that the current implementation appears to be demo scaffolding: it may create local files, fetch user-supplied URLs, and copy output to the clipboard, but the platform drafts are canned and should not be trusted as adaptations of your content. Avoid using private drafts or sensitive brand details until generation is actually implemented and data-flow, dependency, URL, and clipboard behavior are documented more clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and documents shell-based behavior but does not declare corresponding permissions, creating a transparency and consent gap. In an agent environment, undeclared shell capability can lead to file access, command execution, or other side effects beyond what a user reasonably expects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior extends beyond the stated purpose by fetching remote URLs, writing files locally, generating additional platform output, and optionally copying data to the clipboard. This mismatch is dangerous because users may provide sensitive content believing the skill only reformats text, while the implementation may transmit, persist, or expose that content through additional channels and side effects.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The script comments and prompt construction imply it will call an LLM on the supplied content, but it actually emits a fixed mock response. This is a deceptive implementation that can mislead users, downstream automation, or reviewers into believing source content and configuration are being processed when they are not, undermining integrity and trust in the skill.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises transforming user-supplied content into an Instagram caption, but the implementation ignores the input entirely and always returns a canned caption. In an agent setting, this is dangerous because users may unknowingly publish irrelevant or misleading content, and automated pipelines may treat the output as faithfully derived from the original material when it is not.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script claims it uses a built-in LLM tool, but in reality it only echoes a hard-coded mock response. This is a deception/integrity issue: users may believe their supplied content is being processed when it is ignored, which can undermine trust, cause incorrect business decisions, and mask incomplete or stubbed functionality in production.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises transforming user-supplied content into a LinkedIn post, but this script ignores the input entirely and always returns the same canned post. In this skill context, that mismatch is especially dangerous because users may publish output they believe reflects their proprietary source material, leading to reputational harm, workflow corruption, and silent failure of an automation pipeline.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script accepts arbitrary HTTP/HTTPS URLs and fetches remote content, which expands the trust boundary beyond local user-supplied files. In an agent-skill context this can enable unintended outbound requests, access to internal-only endpoints if the environment has network reachability, and ingestion of untrusted remote content without clear restriction or consent.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The script automatically copies generated content to the system clipboard based on configuration, creating a side effect outside the core file-generation workflow. While not severe on its own, clipboard writes can overwrite sensitive clipboard contents and expose generated or source-derived data to other applications or later accidental pastes.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script comments state it uses a built-in LLM tool, but the implementation only returns a hardcoded mock response. This creates deceptive behavior and can mislead users, downstream agents, or automation into believing content was transformed from the supplied input when it was not.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The script reads input content and builds a detailed prompt, but then discards all of it and always emits the same canned message. In an agent skill, this is dangerous because it silently violates user expectations, can corrupt publishing workflows with unrelated content, and may cause automated systems to post misleading or reputationally damaging text under a user's identity.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The script claims to generate a Twitter thread via an LLM, but the implemented behavior is a hard-coded mock response. This is dangerous because downstream users or agents may trust the tool's output as derived from the provided input when it is actually unrelated, causing silent integrity failures, misleading automation results, and potentially unsafe business decisions based on fabricated content.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill does not warn that source content or fetched URLs may be sent to external services for processing, which creates a data handling and privacy risk. Users may paste unpublished drafts, client materials, or proprietary transcripts without understanding that the content could leave the local environment.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The script reads voice profile, platform, user, and LLM configuration data to build a prompt, but this file provides no user-facing disclosure that personal or profile data may be incorporated into model input. In this specific skill context, that is more concerning because content repurposing commonly handles creator identity, preferences, and potentially sensitive unpublished material, so silent prompt enrichment can create privacy and consent issues.

VirusTotal

63/63 vendors flagged this skill as clean.
