Directus.io Headless CMS

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Directus helper skill with some security-sensitive examples users should harden before copying into production.

Install as a Directus reference pack, not as production security guidance. Before copying examples, avoid tokens in URLs, add SameSite and CSRF protections for cookie auth, keep secrets server-side, use least-privilege tokens, review schema changes before applying them, back up production data, and confirm what content is sent to OpenAI, translation APIs, webhooks, or search services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium, 88% confidence
Finding
The trigger description is unusually broad, including not only explicit Directus terms but also generic concepts like headless CMS integration, content pipelines, dynamic page generation, and automation workflows where Directus is only a 'likely fit'. This can cause unintended invocation on unrelated prompts, increasing the chance the agent applies the wrong guidance, exposes irrelevant capabilities, or routes users into an over-privileged skill context.

Missing User Warnings

Medium, 93% confidence
Finding
The guide explicitly reads a preview token from the URL query string and uses it for authenticated content access. Query-string tokens are commonly exposed via browser history, server/access logs, referrer headers, shared links, analytics tooling, and screenshots, which can leak preview or draft access to unauthorized parties.

Missing User Warnings

Medium, 89% confidence
Finding
The login example stores access and refresh tokens in cookies but omits CSRF protections and broader session-handling guidance. Even with httpOnly and Secure set, cookie-based auth can be abused by cross-site requests unless SameSite, CSRF tokens/origin checks, token rotation, and logout/invalidation behavior are addressed.

Missing User Warnings

Medium, 94% confidence
Finding
The documentation explicitly instructs users to send article content and an API key to OpenAI but does not warn that prompts may contain sensitive unpublished content and will be transmitted to a third-party service. In a CMS automation context, this omission can lead to unreviewed external disclosure of proprietary or personal data through normal copy-paste implementation.

Missing User Warnings

Medium, 96% confidence
Finding
The auto-translation example recommends sending source content to external translation providers without stating that all translated text leaves Directus and may be processed or retained by another service. Because this is framed as a routine automation pattern, users may apply it to sensitive content pipelines without realizing the data-sharing implications.

Missing User Warnings

Medium, 93% confidence
Finding
The sync pattern encourages posting published content to external systems but omits any warning about outbound data sharing, possible over-broad payloads, and downstream retention by search or custom services. In a headless CMS environment, templated payloads can easily include metadata or fields that were not intended for third-party distribution.

VirusTotal

55/55 vendors flagged this skill as clean.
