ClawHub

Creativault Creator Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed creator-search and outreach tool, but it combines bulk contact-data collection and real email sending with an overbroad self-update mechanism that can rewrite or delete skill files.

Install only if you trust Creativault and have a lawful, policy-compliant basis to collect creator contact data and send outreach. Keep CV_SKILL_AUTO_UPDATE disabled unless you intentionally want remote updates, review update manifests before running --yes, verify recipient lists and message content before any batch send, and handle exported creator/contact files as sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill documents a self-update path driven by a remote manifest URL and an automatic update flag, which creates a supply-chain trust boundary not directly required for creator scraping or email outreach. If the manifest source, transport, or update script is compromised, the skill could fetch and apply attacker-controlled changes, leading to arbitrary code execution or persistent malicious behavior.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The client will automatically spawn and execute a local update script when CV_SKILL_AUTO_UPDATE=true and the remote API returns update metadata. That means a network-triggered response can cause code execution on the host, which exceeds the stated purpose of a creator search/outreach client and creates a trust boundary problem: a compromised or malicious API/service response could induce execution of modified local code without explicit user confirmation.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation phrases are very broad and include generic scraping, discovery, and outreach terms across multiple platforms and languages. This can cause the skill to activate in contexts the user did not explicitly intend, increasing the chance of unintended data collection or email-sending actions in a sensitive skill that handles scraping and outreach.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The routing rule states that the agent should match user intent against a keyword table and load a sub-skill, but it does not define disambiguation, precedence, or safety constraints. In a skill capable of scraping and batch outreach, ambiguous routing can result in overbroad capability loading or unintended execution paths that the user did not clearly request.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill advertises scraping social platforms, exporting collected data, and conducting batch email outreach, yet provides no user-facing warnings or constraints around consent, terms-of-service compliance, privacy, anti-spam obligations, or sensitive-data handling. Because the skill's core purpose involves mass data collection and outbound contact, the lack of safeguards materially increases the risk of misuse, policy violations, and privacy harm.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly supports exporting scraped creator data to xlsx/csv/html files and returning downloadable links, but the description does not warn users that collected data will be persisted to files and exposed through retrievable URLs. In a scraping and outreach context, this increases the risk of unintended disclosure of personal or sensitive creator data because users may assume results stay transient in-session rather than being stored and shared via link-based access.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description includes broad trigger phrases such as 'similar creators', 'lookalike', and 'find similar', which are generic enough to match many user requests beyond this skill’s intended scope. In an agentic system, this can cause unintended invocation, leading the agent to run creator-discovery workflows when the user only meant a general similarity search, potentially exposing scraping or outreach capabilities inappropriately.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill metadata advertises very broad trigger phrases such as '发邮件', 'send email', and 'outreach', which are common user requests and can cause the agent to invoke this high-risk skill in contexts the user did not intend. Because this skill can send real outbound email, over-broad matching increases the chance of accidental or premature execution of a sensitive action path.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The decision rules map vague requests like '发邮件', '建联', and 'reach out' directly to `outreach_send.mjs`, which is a real-world side-effecting action. Although the document later includes a confirmation rule, this direct routing from ambiguous natural language to a send action creates unsafe coupling and increases the risk of misfires, social-engineering abuse, or sending messages without sufficiently scoped recipient/content validation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The API reference documents use of sensitive authentication headers (`X-API-Key`, `X-User-Identity`) and webhook callbacks, but provides no guidance on secure storage, transmission minimization, log redaction, signature verification requirements, or callback URL validation. In a skill centered on scraping creator data and sending outreach emails, this increases the risk that implementers mishandle secrets or trust webhook traffic unsafely, leading to credential leakage, account abuse, or unauthorized task/result access.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This documentation explicitly advertises access to sensitive creator contact details and audience/profile attributes such as email, WhatsApp, gender, and audience demographics, but does not require or even warn about privacy-sensitive handling, lawful basis, or user-facing disclosure before retrieval. In the context of a scraping and outreach skill, this omission increases the risk of misuse for unsolicited contact, profiling, or bulk harvesting of personal data.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The lookalike feature accepts usernames or profile URLs and states that the system will automatically resolve platform identity and perform similarity search, but it does not warn users that submitting these identifiers triggers external profile resolution and downstream analysis. In a creator-scraping skill, that lack of transparency can enable unnoticed profiling or use of third-party identifiers for bulk enrichment beyond what a user may reasonably expect.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The update path can fetch a remote manifest and remote files, then replace local files and delete files under managed roots without an interactive confirmation in the execution flow once --yes, --sync, or the auto-update environment variable is used. Although checksums and some path validation are present, this still creates a supply-chain risk: a compromised manifest source, environment-variable override, or operator mistake could cause unreviewed code/content changes to be applied locally.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest configures sync in mirror mode over the repository root (".") with delete_missing enabled, which allows updates to remove any file under the skill directory that is not present in the upstream source. If the remote manifest or source repo is compromised, misconfigured, or unexpectedly changes, this can delete local files outside the intended skill payload, causing destructive overwrite or denial of service to the installed skill or adjacent content managed by the same root.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The workflow explicitly instructs bulk creator data collection and export of detailed profiles, but it provides no user-facing notice about privacy, lawful basis, retention, or handling of exported personal/contact data. In a scraping and outreach skill, that omission increases the chance of misuse, over-collection, and downstream exposure of personal data through downloaded files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow describes sending outreach emails to external recipients and managing batch sends, but it lacks an explicit warning that message content and recipient data will be transmitted outside the system. In this skill context, which is designed for large-scale creator discovery and outreach, that makes accidental spam, unauthorized contact, and disclosure of sensitive campaign content materially more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal