Back to skill

Security audit

DoctorClaw Content Repurposer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only content repurposing skill whose URL fetching and optional posting features fit its stated purpose, but users should control those integrations carefully.

Install this if you want an agent to transform your supplied content into platform-ready drafts. Prefer pasting private content instead of giving sensitive URLs, review any fetched material as untrusted, and only connect publishing or social accounts when you want scheduling or posting after your approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly accepts arbitrary URLs and says to fetch and extract content without warning about external network access or constraining allowed destinations. This can lead to unintended requests to attacker-controlled URLs, privacy leakage, SSRF-style access to internal resources in capable runtimes, or retrieval of hostile prompt content that influences downstream outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.