Blog Editorial Calendar

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent blog-publishing automation, but it can create or schedule CMS posts from broad prompts, and its concurrency controls are under-specified.

Review before installing. Use this only with a CMS account and site where automated drafts or scheduled posts are acceptable. Prefer explicit slash commands, confirm before `next`, `sync`, or `mark-done`, and avoid running multiple `next` jobs at the same time until the skill has a real lock or transaction mechanism.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding
The skill claims it prevents concurrent `next` runs using `in-progress` as a lock, but the described implementation never performs a pre-run refusal check or establishes an atomic lock. In practice, two overlapping invocations could select and dispatch the same or conflicting topics, causing duplicate writing, duplicate scheduling, or unintended CMS state changes.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger text includes a catch-all phrase covering 'any variant of running a recurring publish cadence,' which is broad enough to activate autonomous scheduling and publishing from ambiguous user requests. In this skill's context, accidental activation is more dangerous because the skill can write, schedule, and reconcile posts against a live CMS, creating persistent external side effects.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The description emphasizes autonomous operation and automatic scheduling/publishing but does not clearly warn users that invoking the skill may modify backlog state, create drafts, schedule posts, and reconcile against a live CMS. Missing disclosure increases the chance of users triggering state-changing behavior without informed consent, which is especially risky for publishing workflows tied to production sites.

VirusTotal

VirusTotal findings are pending for this skill version.