Contractor Marketing

Security checks across malware telemetry and agentic risk

Overview

This contractor marketing skill is relevant to its stated purpose, but it needs review because it stores detailed business data, uses an external strategy service, and can create ongoing marketing automation without clear opt-in controls.

Review before installing. Use it as a drafting assistant unless you explicitly approve every post, review reply, customer message, ad-budget change, external strategy-library lookup, and scheduled task. Avoid providing license numbers, employee names, payment processor details, or other sensitive business data unless you are comfortable with it being stored in workspace memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill hard-codes raw curl access to a third-party Supabase endpoint and instructs the agent to fetch remote content during normal operation. This expands the skill's authority beyond local marketing assistance into unsandboxed network access, creates data-flow to an external service, and normalizes use of embedded credentials/API keys without user consent or domain restrictions.

Context-Inappropriate Capability

Low
Confidence: 86%
Finding
The skill directs collection of extensive onboarding answers and persistence into MEMORY.md or workspace memory without any data-minimization or consent boundary. While persistence can be legitimate for personalization, storing business details by default increases the chance of retaining sensitive operational or customer information longer than necessary.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs creation of recurring cron/heartbeat jobs, enabling autonomous execution outside a user's immediate request. Persistent scheduled actions can generate posts, reports, and audits without fresh approval, increasing the risk of unintended network calls, content publication, or long-lived automation the user did not knowingly authorize.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation phrases are broad and overlap with common user requests such as writing posts, responding to reviews, proposals, or audits. This makes accidental invocation more likely, which is especially risky here because the skill also includes memory persistence, external requests, and scheduled-task setup that could be triggered in contexts where the user did not intend to use this skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill tells the agent to store onboarding answers in memory without warning the user that business information will be retained. The context makes this more dangerous because the onboarding flow is long and likely to capture contact, pricing, service-area, and operational details, so users may disclose substantial information before realizing it is being persisted.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs outbound requests to a third-party strategy library without warning the user that interactions may involve external network access. In this marketing-assistant context, users may assume purely local content generation, so silent transmission to an outside service creates a transparency and privacy gap even if the endpoint is read-only.

Missing User Warnings

Medium
Confidence: 95%
Finding
The scheduled-tasks section instructs recurring automated actions without notifying the user that persistent background jobs may be created. This is dangerous because it changes the interaction model from on-demand assistance to ongoing automation, which can continue consuming resources or performing external actions after the initial conversation ends.

Missing User Warnings

Medium
Confidence: 95%
Finding
The questionnaire requests a broad set of sensitive business and personal information, including employee names and roles, phone numbers, email addresses, physical address, licensing details, software stack, and payment methods, but provides no notice about why the data is needed, how it will be stored, who can access it, or how long it will be retained. In an agent skill context, this increases the risk of unnecessary data exposure, over-collection, and accidental leakage to logs, downstream tools, or model context, especially because the prompt instructs the agent to gather the information interactively one item at a time.

VirusTotal

64/64 vendors flagged this skill as clean.
