ClawHub

Tistory Publish

Security checks across malware telemetry and agentic risk

Overview

The skill is built for Tistory publishing, but it can post publicly through a logged-in browser without a final confirmation and still contains an under-disclosed hard-coded blog default.

Install only if you intend to automate real Tistory posting. Always pass an explicit --blog, test with --private first, review or remove the mk-review hard-coded blog default, and protect any Kakao credential file with strict local permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises browser automation, login session recovery, local file inputs, and network-driven publishing but does not declare corresponding permissions or trust boundaries. This creates a transparency and consent gap: operators may run a skill that can read local content and make live remote changes without an explicit capability declaration.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README clearly states that the skill performs live browser automation against a logged-in Tistory account, including publishing posts, uploading images, and manipulating editor state, but it does not prominently warn that these actions will modify a real blog. In an agent-skill context, omission of explicit destructive/live-action warnings increases the chance of unintended publication, content overwrite, or misuse of an authenticated browser session.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quick-start example encourages immediate execution of the publishing script with a real blog target but provides no warning that it will use an authenticated browser session and can create live posts. Because this skill also advertises bypasses for isTrusted filtering, the context makes accidental or unauthorized content publication more concerning, especially when used by autonomous agents or unsuspecting operators.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation emphasizes automated posting, image upload, tag registration, and publication state changes, but it does not prominently warn that the skill performs live modifications to a real Tistory blog. In practice, this raises the risk of accidental publication, unintended edits, or reputational damage if a user tests the skill against a production account.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to store Kakao email/password credentials in a file or environment variable for session recovery, but does not include strong guidance on secure storage, file permissions, lifecycle, or exposure risks. Because these credentials enable account access tied to publishing authority, mishandling could lead to account takeover or unauthorized blog changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script programmatically clicks the completion and publish controls with no user-facing confirmation, preview gate, or explicit consent at the point of publication. In a browser automation skill that operates on an already-authenticated blog session, this can cause accidental or unauthorized publication of drafts, sensitive content, or malformed posts with immediate public exposure.

Missing User Warnings

High
Confidence
98% confidence
Finding
This helper not only publishes automatically, but actively seeks and selects a public visibility control before clicking any matching publish button. That combination increases risk because it removes the operator's chance to keep content private and can override expected visibility, turning automation mistakes into immediate public disclosure on a live account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The runbook instructs the user to execute a publishing script that performs an external side effect—posting content to a live Tistory blog—and only later notes that `--private` should be removed for real publishing. Without an explicit warning at the execution step that this action can publish to an external account, users may unintentionally post content or misunderstand the operational risk, especially given this skill is specifically designed to automate blog publication.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal