Card News Generator

Security checks across malware telemetry and agentic risk

Overview

This skill mostly creates Instagram-style card images, but it also includes under-scoped publishing and sharing steps that could use local credentials or send content externally.

Install only if you are comfortable treating this as a generation-plus-publishing workflow. Before allowing upload or Telegram delivery, review the images and caption, confirm the target account or recipient, and avoid using the --jpeg helper with untrusted output paths until the shell command is made safer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)

Finding: The skill's documented behavior goes beyond card-news generation into publishing and operational forwarding workflows, including posting via another skill and fallback transmission through Telegram. This expands the effective capability from local asset generation to content exfiltration and account action execution, creating a scope mismatch that can surprise users and increase risk if invoked without explicit consent.

Context-Inappropriate Capability

Medium (96% confidence)

Finding: The Telegram fallback introduces an unrelated outbound channel that is not necessary for image generation and could transmit generated content, captions, or sensitive business material to a third-party messaging service. Because it is presented as an operational fallback rather than an explicitly consented sharing action, it increases the chance of unintended disclosure.

Missing User Warnings

Medium (95% confidence)

Finding: The instructions direct use of a local .env file to perform API uploads but do not warn that stored credentials will be used or that content and captions will be transmitted off-device. This can lead to silent use of privileged tokens and external publication actions without adequate transparency, which is especially risky in an automated agent context.

VirusTotal

66/66 vendors flagged this skill as clean.