ClawHub

Use the Content3 Agent API to create short-form videos, manage content libraries, submit reviews for human approval, and draft social media posts.

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Content3 API guide, but users should be careful with API-key scope, public review links, and social publishing actions.

Install only if you intend to let an agent use Content3 on your behalf. Use the narrowest API-key scopes needed, avoid wildcard/full-access keys, protect ~/.config/content3/api_key, confirm before creating public review links, and require an explicit final approval before publishing drafts to connected social accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents creation of public share links that allow unauthenticated humans to view content, comment, and even change review status, but it does not prominently warn that this exposes review materials outside the authenticated workspace. In an agent context, this can lead to accidental public disclosure of sensitive media, metadata, and workflow control to anyone holding the link.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The publish endpoint is described as a routine action without a strong warning that it triggers posting to external third-party social platforms. In an agent setting, users may interpret draft handling as internal-only, so insufficient warning raises the risk of accidental public posting, reputational harm, and unintended disclosure of content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal