Social Media Commander

Security checks across malware telemetry and agentic risk

Overview

This is a file-based social media planning skill that can create ongoing local workflow records, but it does not include executable code, credential access, or hidden publishing behavior.

Install only if you want an agent to maintain a local social media operations workspace with drafts, calendars, analytics, recurring reviews, and state files. Keep any real account posting, DM handling, or platform integrations behind explicit user approval, and consider testing in a sandbox workspace if unexpected local draft/report creation would be disruptive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Vague Triggers

Medium (90% confidence)
The rule uses a very broad trigger for any owner statement 'related to content' and mandates immediate capture. In practice, this can cause unintended activation from casual conversation or brainstorming, leading the agent to create artifacts and mutate repository state without a clearly scoped user command.

Missing User Warnings

Medium (94% confidence)
The skill instructs the agent to automatically write to `content/drafts/<slug>/content.md` as soon as it detects relevant content discussion, without warning or confirmation. Silent file creation is risky because it changes user data/state unexpectedly and can be abused through prompt phrasing or accidental activation.

Vague Triggers

Medium (88% confidence)
The top-level description promises end-to-end social media management ('A to Z') without stating clear invocation boundaries, approval requirements, or limits on autonomous actions. In an agent environment, this can cause over-broad activation and let the skill assume authority over sensitive publishing, analytics, and messaging workflows beyond what the user explicitly requested.

Vague Triggers

Medium (94% confidence)
The purpose statement says the agent manages the owner's 'entire social media presence' across the full lifecycle, which implies persistent, broad operational control. In context, this is more dangerous because the skill also covers publishing, engagement, DMs, analytics, and crisis response, so an agent could take high-impact actions without sufficiently constrained authorization.

Missing User Warnings

Medium (90% confidence)
The skill explicitly tracks comments, DMs, mentions, and audience/persona data, but it does not warn users about the sensitivity of personal or confidential information in those records. Without handling guidance, an agent may ingest, retain, summarize, or act on private communications and audience data in ways that create privacy, compliance, or reputational risk.

Vague Triggers

Medium (95% confidence)
The trigger list includes very common conversational phrases such as "share this" and "content idea," which can cause the hook to activate during ordinary discussion rather than a clear command. In a social-media management skill that immediately creates draft entries, this increases the chance of unintended state changes, clutter, and accidental capture of sensitive or incomplete thoughts.

Missing User Warnings

Medium (92% confidence)
The description says the hook "Creates draft entry immediately" but does not provide a user-facing warning or consent mechanism tied to activation behavior. Because this skill performs a write action as soon as it detects a trigger, lack of transparency makes accidental data creation more likely and undermines user control over persistent changes.

Vague Triggers

Medium (89% confidence)
The hook description says it fires when content is published, but it does not define strict activation conditions, allowed callers, or scope boundaries. In an agentic environment, broad triggers can cause unintended execution and cascading state changes, especially because this hook performs multiple writes to logs, calendars, and platform performance files.

Missing User Warnings

Medium (93% confidence)
The instructions direct the agent to modify several files and records automatically, but there is no user-facing confirmation, preview, or safeguard around those writes. This increases the risk of silent or unintended state changes, log pollution, and persistence of incorrect data if the hook is triggered unexpectedly or with malformed inputs.

Vague Triggers

Medium (84% confidence)
The hook name and description are generic enough that a model may trigger review behavior in contexts beyond an explicit, user-initiated review workflow. In an agent that can move files and change state, ambiguous activation increases the chance of unintended state transitions or review actions from ordinary conversation.

Vague Triggers

Medium (90% confidence)
Commands like "APPROVE", "REJECT <reason>", and "EDIT <what to change>" are short, natural-language phrases that can easily overlap with normal discussion, quoted text, or feedback. Because these commands lead directly to state changes and edits, an accidental or adversarially crafted phrase could trigger unauthorized workflow actions.

Missing User Warnings

Medium (94% confidence)
The hook authorizes immediate modification of content, state changes, and file moves without an explicit warning, confirmation, or authorization check at the time of execution. In a social media management skill, these actions affect publishing workflow and auditability, so mistaken or injected commands could cause loss of draft integrity, incorrect approvals, or hidden workflow manipulation.

Missing User Warnings

Medium (90% confidence)
The hook instructs the agent to write a new analytics report file in the repository without any warning, confirmation boundary, or disclosure that persistent project files will be modified. In an automated Monday hook, this can silently change tracked content and create unintended commits or data integrity issues, especially if the report generation logic is influenced by untrusted inputs from platform data or prior repository content.

Missing User Warnings

Medium (93% confidence)
The instructions direct additional repository mutations to GROWTH_JOURNAL.md and broad 'Soul' state updates, again without warning or scoped authorization. The 'Upsert all soul sections' directive is especially risky because it is expansive and underspecified, which could lead to widespread unintended file modifications, persistence of tainted data, or corruption of higher-level memory/state artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.
