KDP Author Engine

Security checks across malware telemetry and agentic risk

Overview

This book-writing and publishing skill appears coherent and purpose-aligned, with cautions around local file outputs and handling reader contact details.

Install only if you want an assistant to help with book creation, formatting, and launch planning. Before using it, set a safe output directory, avoid overwriting existing manuscripts, and treat any reviewer or reader contact list as personal data: collect only with permission, store it securely, and delete it when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium, 95% confidence
Finding
The activation criteria are extremely broad and include nearly any book-related writing or publishing task, which can cause the skill to activate outside a narrowly intended scope. Overbroad auto-activation increases the chance that unrelated workflows inherit this skill's instructions, file-writing behavior, and external-tool assumptions without explicit user intent.

Vague Triggers

Medium, 93% confidence
Finding
The markdown section repeats expansive activation rules but provides no exclusion boundaries, so the skill may remain active in generic editing, marketing, or research contexts that only loosely mention books. This creates prompt-scope bleed, where powerful domain instructions can influence actions and outputs in contexts not meant to use this skill.

Missing User Warnings

Medium, 91% confidence
Finding
The skill instructs saving outputs to a local configured directory and converting files via pandoc, but it does not clearly warn that using the skill may create or overwrite local files. In agent environments, undisclosed local file creation can lead to unintended persistence, data leakage into shared directories, or accidental overwriting of existing manuscripts.

Missing User Warnings

Medium, 93% confidence
Finding
The ARC tracking template explicitly instructs maintaining readers' names and email/contact details, but provides no guidance on consent, storage limits, retention, or lawful use of that personal data. In a marketing skill, this can normalize informal collection of PII and lead users to build ad hoc spreadsheets containing reviewer data without privacy controls, increasing the risk of misuse, over-contacting, or accidental exposure.

Natural-Language Policy Violations

Medium, 94% confidence
Finding
The file declares mandatory writing rules that apply to every word and explicitly removes user choice ('No exceptions. No shortcuts.'). In an agent skill, this can override user intent, reduce controllability, and cause the agent to follow rigid internal policy even when the user requests a different tone, accessibility level, or compliant style for a specific publishing context.

VirusTotal

64/64 vendors flagged this skill as clean.
