Yu Copywriter Pro

Security checks across malware telemetry and agentic risk

Overview

This is a local copywriting helper with no network, credential, or destructive behavior, but one included secondary script can silently keep a local history of command inputs.

Installers should treat this as a simple local copywriting template skill. Use the documented scripts/copy.sh path for the no-history workflow, and avoid running scripts/script.sh with confidential customer data, campaign plans, or secrets unless you are comfortable with those command arguments being saved locally under the copywriter-pro data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose is limited to copywriting features, but the finding indicates the skill also exposes additional commands and persistently logs command usage and user-supplied arguments to a local history file without clearly disclosing that behavior. Undocumented capability expansion and hidden data retention are security-relevant because users may provide sensitive marketing plans, customer data, or prompts under the assumption that the tool is only performing ephemeral copy generation.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script creates a persistent data directory and stores usage data in local log files, which goes beyond the advertised copywriting functionality. Even though the behavior is local rather than exfiltrative, prompts may contain sensitive business plans, campaign strategy, customer data, or unpublished content, so undisclosed retention creates a real privacy and data-handling risk.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
Nearly every user-facing command calls _log with user-supplied arguments, causing prompts and topics to be written to disk automatically. In a copywriting tool, those inputs are likely to include confidential marketing plans or customer-related text, so broad persistent logging materially increases exposure if the host is shared, backed up, or later compromised.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The command behavior persists user input to a history file without any user-facing notice at runtime or in the help text. Silent retention is dangerous because users reasonably expect a local copywriting helper to process text transiently, not archive prompts that may contain sensitive commercial or personal information.

VirusTotal

64/64 vendors flagged this skill as clean.
