ClawHub

Monet Works — Content QA Remediation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed draft-remediation tool that rewrites user-provided content and reports changes, with no evidence of hidden access, exfiltration, persistence, or autonomous publishing.

Install only if you want automated edits to draft content. Review the fixed markdown and JSON report before publishing, especially for financial, legal, medical, customer-sensitive, or confidential material. Prefer writing to a new output file and preserving the original draft.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly performs automatic remediation of publication content and demonstrates shell redirection into destination files, but it does not warn users that content will be altered before publication or recommend reviewing diffs before replacing drafts. In a content-publishing pipeline, silent modification can introduce factual, legal, or brand errors at scale, especially because the tool also appends generated text such as disclaimers and CTAs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that excessive-length content is processed by an AI model and that it integrates with an external humanizer, but it gives no privacy or integrity warning that draft content may be transmitted to other services. This is dangerous because unpublished marketing content, regulated financial language, or customer-sensitive material could be exposed externally or modified unpredictably without operator awareness.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal