ZDAT Publish Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a multi-platform publishing helper, but it explicitly tells agents to evade platform originality checks while supporting automated public posting.

Install only if you are comfortable with a skill that can guide automated publishing to live social platforms and keep local publishing logs. Do not use its AI/originality-detection evasion guidance; require explicit review and confirmation before any post is published or scheduled, and verify the local publishing engine path and workspace config before running the scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Findings (6)

Tainted flow: 'script' from os.getenv (line 34, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
    # Call the v5 publishing engine
    script = str(WORKDIR / "zd_auto_publish_v5.py")
    if os.path.exists(script):
        result = subprocess.run(
            ["python", script, "--platform", platform, "--title", title, "--content", content],
            capture_output=True, text=True, timeout=120
        )
Confidence
91% confidence
Finding
result = subprocess.run( ["python", script, "--platform", platform, "--title", title, "--content", content], capture_output=True, text=True, timeout=120 )

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly instructs users to perform '去AI化处理' ("de-AI processing") and to evade platform originality/AI-detection checks, which goes beyond normal formatting and into deliberate circumvention of platform integrity controls. In the context of automated multi-platform publishing, this increases the likelihood of deceptive content laundering at scale and policy evasion across multiple services.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Broad trigger keywords such as '发文' ("publish a post"), '一键分发' ("one-click distribution"), and '定时发布' ("scheduled publishing") can cause the skill to activate for common user requests without clearly signaling that it may perform automated publishing actions. Because the skill can invoke scripts and schedule multi-platform posting, overbroad activation raises the risk of unintended execution and accidental dissemination.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The description does not warn users that the skill may automatically publish or schedule posts across external platforms, which is a high-consequence action. Missing disclosure is dangerous because users may invoke what appears to be a formatting tool but instead trigger distribution to live accounts.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill documents that publication results are written to a local spreadsheet, but it does not frame this as a user-visible warning or explain what data is retained. Automatic local logging can expose titles, status, timestamps, failure reasons, and potentially sensitive operational metadata to other local users or processes.

Ssd 2

Medium
Confidence
97% confidence
Finding
The instruction to rewrite content specifically to evade originality or AI-detection systems is a direct attempt to bypass safety and authenticity controls on third-party platforms. Combined with automated posting, this can facilitate scalable abuse, deceptive content distribution, and account or platform policy violations.

VirusTotal

65/65 vendors flagged this skill as clean.
