ClawHub

LinkedIn Content Strategy Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill does the advertised LinkedIn analysis, but it also tells the agent to silently update and reinstall local toolkit code before running.

Review before installing. Use only if you trust the local `ai-native-toolkit` repository and are comfortable with Apify and LLM provider API use. Prefer removing the silent auto-update block, pinning the toolkit version, running in an isolated environment, and requiring explicit approval before any `git pull` or `pip install` action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The auto-update block performs `git pull` and `pip install -e .` on a local repository before the requested LinkedIn analysis, which mutates the environment and executes code unrelated to the immediate user task. This creates a supply-chain and arbitrary-code-execution risk because fetched repository changes or package install hooks can run code with the agent's privileges without explicit user consent.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The instruction to 'silently check' for updates is misleading because the provided code does not merely inspect state; it performs network access, pulls new code, and reinstalls the package. Hidden environment mutation is dangerous in an agent setting because it bypasses user awareness and can introduce unreviewed code execution or operational instability.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs undisclosed network access and package installation as a background action, which violates least surprise and expands the agent's behavior beyond the LinkedIn analysis task. In this context, the hidden update step is more dangerous because the allowed Bash tool can execute the updater directly, turning a content-analysis skill into a covert software-modification path.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal