Movie Review

Security checks across malware telemetry and agentic risk

Overview

This is a local movie-review content helper that saves entered text on disk, with privacy caveats but no evidence of hidden or malicious behavior.

Install only if you are comfortable with movie-review drafts and related notes being saved locally in plaintext under ~/.local/share/movie-review. Avoid entering sensitive, private, or embargoed material unless you manage that directory yourself, and note that the advertised recommendation/watchlist features do not appear to be implemented in the reviewed script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill’s declared purpose is narrowly framed around film reviews, recommendations, watchlists, spoiler control, and comparisons, but the documented behavior expands into content-marketing features and persistent local logging/export of user inputs. This mismatch can mislead users and host agents about what data is collected and what operations are performed, increasing the risk of unintended retention or use of sensitive user content.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest advertises a movie-review/recommendation/watchlist tool, while the actual documented functionality is a broader content-production and publishing toolkit. Security-sensitive capability drift in documentation is dangerous because users may invoke the skill under false assumptions about scope, data handling, and intended use.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest claims recommendation, watchlist, spoiler-control, and side-by-side comparison features that are not reflected in the documented commands. While this is not a direct code-execution risk, it is still a trust and integrity issue because inaccurate capability claims can cause unsafe reliance, misrouting, or over-privileging by users or agent systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script persistently writes user-provided content into plaintext log files under the user's home directory and exposes export and search features without any user-facing notice, consent flow, or retention controls. This creates a privacy and data-handling risk because sensitive prompts, drafts, or personal notes may be retained indefinitely and later disclosed to other local users, backups, or support processes.

Session Persistence

Medium
Category
Rogue Agent
Content
## When to Use

1. **Drafting a movie review** — use `draft` to capture your initial thoughts, then `edit` and `rewrite` to polish
2. **Preparing social media posts** — use `hashtags`, `hooks`, and `cta` to create engaging content around your review
3. **Planning a review series** — use `outline` to structure your content and `schedule` to plan publishing dates
4. **Optimizing for reach** — use `optimize` for SEO, `headline` for click-worthy titles, and `tone` to match your audience
5. **Tracking your review portfolio** — use `stats` to see totals, `recent` for latest activity, and `export` to back up everything
Confidence
80% confidence
Finding
create engaging content around your review 3. **Planning a review series** — use `outline` to structure your content and `schedule` to plan publishing dates 4. **Optimizing for reach** — use `optimize

VirusTotal

39/39 vendors flagged this skill as clean.
