Gr Blog Post

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Jekyll blog publishing workflow with expected translation and GitHub publishing steps, but users should confirm before any external API calls or repository writes.

Install this only if you want an agent to help draft and publish Jekyll blog posts. Before use, confirm the target repository, draft versus publish mode, language scope, translation provider, and exact files to update; do not expose broad GitHub or API credentials unless you are comfortable with the agent using them for this publishing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill advertises broad natural-language triggers such as writing or publishing a blog post, which are common user intents and can cause the skill to activate outside a clearly scoped Jekyll-blog workflow. In an agent environment, overly broad invocation increases the chance of unintended execution of publishing-related steps, especially because the skill also references GitHub API publication and multilingual generation.

Vague Triggers

Medium
Confidence: 94%
Finding
The when_to_use section includes short or ambiguous triggers like 'hreflang', 'Jekyll post', and 'SEO文章' without constraints tying them to a specific repository, publishing action, or user-confirmed workflow. This makes accidental invocation more likely and may route generic SEO or writing requests into a skill that can prepare content for publication and interact with external services.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough to match routine writing requests such as '写一篇博客' or 'write blog post', which can cause the skill to activate in contexts where the user did not intend repository publishing, multilingual syncing, or SEO automation. In this skill, over-broad routing is more dangerous because the documented workflow includes downstream external actions like translation API usage and GitHub Contents API publication, so accidental invocation can escalate from simple content generation to unintended modification or data transmission.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes automated translation through third-party services and repository updates through the GitHub Contents API, but it does not require user-facing disclosure or confirmation before sending content externally or modifying a repository. This creates a real risk of unintended exfiltration of draft content, metadata, or internal URLs, as well as unauthorized or surprising publication actions if the skill is invoked during normal authoring workflows.

VirusTotal

62/62 vendors flagged this skill as clean.