Content Creator Bundle

Security checks across malware telemetry and agentic risk

Overview

This bundle is purpose-aligned for social media automation, but it needs Review because it can schedule public posts and act on platform accounts with unclear approval, credential, cancellation, and external-install safeguards.

Install only if you intend to let an agent help manage social-media accounts. Inspect the external repository and install.ps1 before running them, use least-privilege or test platform accounts, keep secrets out of files and logs, and require manual approval for every post, scheduled job, like, reply, and private message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 88%
Finding
The README presents natural-language command phrases such as '帮我回复评论' ("help me reply to comments") and '设置明天8点发布' ("set it to publish at 8 o'clock tomorrow") as direct invocations without defining activation boundaries, confirmation requirements, or scope limits. In an agent environment, broad everyday phrases can be triggered unintentionally from normal conversation or embedded content, causing content generation, comment replies, or publishing actions to run when the user did not intend to invoke the skill.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README instructs users to configure platform accounts and use scheduled publishing, but it does not warn about credential sensitivity, token storage, privacy exposure, or the consequences of automated posting across accounts. Because this bundle manages multiple platform identities and publication actions, insufficient warning and guidance increases the risk of accidental disclosure, unauthorized posting, or broad distribution of unintended content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly markets automated multi-platform posting and comment interaction, but it does not clearly warn that these actions can publish content, send replies, or otherwise act on the user's accounts. In an agent setting, this can lead to unintended public posts, spam-like behavior, reputational damage, or platform policy violations if users do not realize the automation is acting on their behalf.

Missing User Warnings

Medium
Confidence: 89%
Finding
The configuration example shows use of platform credentials and secrets via environment variables, but provides no guidance on secure secret storage, least-privilege usage, or avoiding accidental disclosure in files, logs, or screenshots. This omission increases the risk that users mishandle API keys or app secrets, which could enable account compromise or unauthorized posting if exposed.

Missing User Warnings

Medium
Confidence: 96%
Finding
The comment-management example describes automatic likes, draft replies, private-message behavior, and asks whether to send replies, but it does not prominently warn that these actions may directly engage other users using the account owner's identity. This is risky because automated engagement can create unauthorized communications, harassment/spam concerns, and reputational or compliance issues if triggered incorrectly.

VirusTotal

64/64 vendors flagged this skill as clean.
