Schema Markup Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Schema.org markup helper, but its URL and sitemap modes should only be used with sites and files the user trusts.

Install if you want a local Schema.org JSON-LD generator. Use file input only on JSON files you intend to process, use URL and sitemap modes only for public sites you control or trust, choose the output directory deliberately, and review generated structured data before publishing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tainted flow: 'url' from input (line 232, user input) → requests.get (network output)

Medium
Category
Data Flow
Content
import requests
from bs4 import BeautifulSoup

resp = requests.get(url, timeout=10)
soup = BeautifulSoup(resp.text, 'html.parser')

template = SCHEMA_TEMPLATES.get(schema_type, {}).copy()
Confidence
91% confidence
Finding
resp = requests.get(url, timeout=10)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script accepts a remote sitemap URL, extracts arbitrary <loc> entries, and then issues outbound requests to every listed URL. This expands the skill from local schema generation into network crawling, which can be abused for server-side request forgery or unexpected access to internal or sensitive endpoints if an attacker controls the sitemap or input URL source.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation text is broad enough to trigger on many generic SEO, markup, or structured-data requests, which can cause unintended invocation. In context, that matters because this skill can read files, fetch URLs, and write outputs, so accidental activation may lead to unnecessary access to local or remote resources.

Vague Triggers

Low
Confidence
91% confidence
Finding
The eval allows batch generation from an arbitrary sitemap URL without any stated limits on scope, allowed domains, request volume, or content-handling rules. In an agent setting, this can lead to uncontrolled external fetching, excessive crawling, or processing of attacker-supplied endpoints, which increases SSRF, resource-consumption, and unintended data-ingestion risk even if the feature is meant for legitimate schema generation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guidance explicitly recommends placing the full article text into structured data for AI training, but provides no warning about privacy, consent, copyright, or duplication risks. In a content-generation skill intended to automate schema markup, this can cause users to expose sensitive or non-public material and may encourage over-sharing beyond what should appear in machine-readable metadata.

VirusTotal

65/65 vendors flagged this skill as clean.
