ClawHub

Blog Writer 0.1.0

Security checks across malware telemetry and agentic risk

Overview

This is a coherent blog-writing skill with disclosed Notion publishing and local example retention, but users should avoid using it with confidential drafts unless they are comfortable with that storage.

Install this only if you want drafts published to the configured Notion database as part of the workflow and are comfortable with finalized posts being kept as future style examples. Redact confidential notes or skip the skill for sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill requires publishing drafts to an external Notion database automatically and labels failure to do so as workflow failure, but it does not require explicit user consent or warn about external data transfer. This can leak sensitive draft content, user-provided notes, or proprietary research to a third-party service without informed approval.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill instructs saving finalized posts into a local examples library, creating persistent storage of user content, but it does not clearly warn the user that their material will become part of the skill's reference corpus. This can cause unintended retention of sensitive or proprietary writing and may influence future outputs.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly directs automatic publication of all drafted content, including drafts and incorporated user-provided materials, to an external Notion database before finalization. This expands the exposure window for sensitive information and makes accidental data exfiltration more likely, especially when drafts may still contain raw notes, confidential research, or unreviewed personal data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal