Wonda

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a media and social automation tool, but it includes high-impact social account actions with stealth, detection-avoidance, and overconfident safety language that users should review carefully.

Install only if you trust the Wonda CLI provider and intend to use it with accounts you control. Keep API keys, social tokens, verification codes, and stream URLs private, and require explicit approval before any signup, post, DM, follow, vote, connection request, permission grant, Terms acceptance, or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium (96% confidence)
Finding:
The skill explicitly frames browser-based posting automation on X/Twitter as having 'zero fingerprinting risk' and being 'fully drift-proof,' which can mislead an agent or operator into treating account automation as inherently safe. In context, the skill enables real write actions to third-party social platforms, so overclaiming safety increases the likelihood of risky automation, account abuse, or policy-violating behavior without appropriate caution.

Intent-Code Divergence

Medium (97% confidence)
Finding:
The LinkedIn section similarly claims the browser mode has 'Zero fingerprinting risk' and is 'fully safe,' despite describing stealth automation of connection requests and other account actions. This creates a false sense of security around automating a sensitive platform where detection, account restrictions, or abuse can still occur.

Missing User Warnings

Medium (94% confidence)
Finding:
The skill includes direct publishing commands to Instagram and TikTok but does not impose a general confirmation gate for account-impacting actions. Because these commands can publish content to connected social accounts, an agent following the skill could post externally without explicit user approval, causing reputational or business harm.

Missing User Warnings

Medium (95% confidence)
Finding:
The X/Twitter section documents tweet, reply, like, retweet, follow, and media-posting commands with no clear requirement to pause for user approval before executing them. In this skill's context, that materially increases the chance of unauthorized or accidental actions on a live social account.

Missing User Warnings

Medium (95% confidence)
Finding:
The LinkedIn commands include connect, send-message, post, like, and delete-post actions without a strong user-facing confirmation requirement. Since LinkedIn actions can affect professional reputation, outbound messaging, and account standing, documenting them as routine commands without approval controls is risky.

Missing User Warnings

Medium (93% confidence)
Finding:
The Reddit section includes submit, comment, vote, subscribe, save, unsave, and delete operations without an explicit warning that these actions must be user-approved. This is dangerous because it enables unintended account activity and destructive operations such as deletion, all under an authenticated user context.

VirusTotal

VirusTotal findings are pending for this skill version.
