ClawHub

Geo Content Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GEO publishing planner with simple local helper scripts and no evidence of hidden access, credential use, persistence, or automatic posting.

Install if you want help planning GEO-focused content distribution. Review generated public posts, emails, schema, sitemap, llms.txt, and internal-linking recommendations before applying them, and use deliberate input/output paths if running the helper scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger guidance is intentionally expansive ('always consider this skill' across broad publishing/distribution intents), which can cause the agent to invoke it for routine content tasks that do not require this level of orchestration. Over-broad auto-invocation increases the chance of prompt-routing mistakes, unnecessary content transformation, and unintended guidance about crawler signaling or distribution beyond the user's actual request.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The instruction to trigger on inferred intent beyond listed phrases, without clear boundaries, delegates broad discretion to the router and makes accidental invocation much more likely. In a composable agent system, ambiguous routing can expose unrelated user requests to an overly powerful orchestration prompt, leading to scope creep, disclosure of unnecessary operational guidance, or interference with more appropriate specialized skills.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The eval prompts describe highly generic, everyday publishing requests without strong trigger boundaries or exclusions, which can cause the skill to activate in overly broad situations. In a content orchestration skill, this increases the chance of unintended invocation, scope creep, or misuse in contexts where users did not actually request multi-channel GEO distribution behavior.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal