Substack Autopilot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Substack drafting automation that edits local workflow files, opens Substack for review, and sends status alerts without evidence of hidden or destructive behavior.

Install this only for a Substack-specific drafting workflow. Configure a narrow workspace folder, check the Substack publication and Telegram recipient, keep backups or version control for article-topics.json and article-log.json, and preserve the human review step before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding:
The trigger phrase "automate newsletter" is broad enough to match requests outside this narrowly intended Substack workflow, which can cause the wrong skill to activate on unrelated automation tasks. In an agent environment, overly generic triggers increase the chance of unintended execution, potentially causing file edits, browser actions, and notifications in contexts the user did not mean to invoke this skill for.

Missing User Warnings

Medium
Confidence: 91%
Finding:
This prompt template directs an agent to create a draft file, modify the topic queue, and append to a log file, but it does not include any explicit user disclosure, confirmation gate, or safety constraints around those data-changing actions. In a cron context, those writes are unattended and recurring, so mistakes, path substitution errors, or prompt misuse could silently alter local state and create integrity issues.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The template sends Telegram alerts that include workflow status and a local filesystem path, which may expose internal directory structure and operational details to an external messaging service without any privacy notice or minimization. While the disclosed data is limited, it can still leak environment information useful for profiling the system or revealing sensitive workspace naming conventions.

VirusTotal

65/65 vendors flagged this skill as clean.
