Bearblog

Security checks across malware telemetry and agentic risk

Overview

The skill's purpose, automating Bear Blog, is coherent, but its examples include public publishing and deletion flows without enough user confirmation, including bypassing a browser delete confirmation.

Install only if you are comfortable giving the agent access to an authenticated Bear Blog session. Before using it, require explicit confirmation before publish, unpublish, or delete operations, verify the exact post title or URL, and avoid pasting passwords or secrets into ordinary chat unless your environment provides protected secret handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High, 96% confidence
Finding
The skill explicitly instructs overriding `window.confirm` to force deletion, removing an important safety barrier for a destructive action. In an agent context, this increases the chance of unintended or automated content deletion without meaningful user acknowledgement, especially when combined with browser automation and persisted sessions.

Missing User Warnings

Medium, 83% confidence
Finding
The publish flow is presented as a simple click with no warning that it makes content publicly visible, and the document also includes unpublish/save operations without emphasizing visibility consequences. In a browser-driven agent, this can lead to accidental publication or visibility changes if the model executes the documented steps without surfacing the risk to the user.

Missing User Warnings

Medium, 92% confidence
Finding
The workflow instructs the agent/user to type an email and password directly into the browser without any warning about sensitive credential handling, secure secret sourcing, or avoiding hardcoded/plaintext credentials in logs and histories. In an agent skill context, this is risky because credentials may be copied into transcripts, retained in memory, or mishandled by automation tooling.

Missing User Warnings

Medium, 84% confidence
Finding
The workflow includes a direct publish action that can make content publicly visible without documenting any explicit confirmation, review checkpoint, or warning that publication may be irreversible or externally visible. In a browser-automation skill, this increases the chance of accidental publication of drafts, sensitive content, or incorrect posts.

VirusTotal

64/64 vendors flagged this skill as clean.
