Ad Copywriter

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an ad-copy helper, but it silently stores users' raw prompts in a local history file without clear notice or consent.

Review this skill before installing if you may enter confidential campaign plans, client information, or proprietary ad ideas. Use it only if local prompt history is acceptable, and consider clearing or disabling the history log if the skill does not provide its own controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script presents itself as a content creation helper but silently persists user-supplied prompts and command history to a local file via `_log`, without any disclosure in help text or runtime prompts. This creates a privacy and data-handling risk because users may enter sensitive campaign plans, proprietary content ideas, or confidential prompts believing the tool is ephemeral.

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description advertises extremely broad triggering for ad-copywriting tasks across many platforms and related activities, which can cause the agent to invoke this skill in situations where the user did not explicitly request it. Overbroad activation increases the chance of prompt-routing mistakes, irrelevant tool use, and unintended instruction precedence over the user's preferred workflow or language.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The metadata strongly biases or forces Chinese-language behavior by embedding extensive Chinese-only descriptions and usage cues without stating that language should follow the user's preference. This can cause the skill to override user intent, produce inaccessible output, or be selected for users who did not ask for Chinese content, which is a prompt-quality and control issue.

Missing User Warnings

Medium
Confidence: 98%
Finding
At line 35, `_log` writes raw user input to a persistent history file under `$DATA_DIR/history.log` with no user-facing notice. Even though this is local logging rather than exfiltration, it can expose sensitive business data or personal information to other local users, backups, or later compromise of the host.

VirusTotal

66/66 vendors flagged this skill as clean.
