Social Autopilot

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can autonomously publish public posts, comments, videos, and hosted media with broad account permissions and weak approval boundaries.

Install only if you intend to give the agent live posting authority. Use test accounts first, configure only the platforms you actually want, keep API tokens limited and revocable, avoid sensitive or proprietary CSV content, use dry-run/preview where available, and require a human approval step before any scheduled or "Post now" publishing workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 91%

Finding: The skill claims the content database stays local and is never uploaded, but the CSV is explicitly used to generate posts and threads that are published to external services. Even if the raw file is not directly transmitted, derived content from the dataset is sent off-platform, which can mislead users about data exposure and cause accidental leakage of sensitive or proprietary information.

Vague Triggers

Severity: Medium
Confidence: 92%

Finding: The invocation phrase "Post now" is overly generic and can plausibly appear in normal conversation, test prompts, or quoted text, which creates a real risk of unintended activation. In this skill's context, accidental triggering is more dangerous because the action can directly publish content to linked social accounts, causing reputational damage or unwanted posts without a deliberate confirmation step.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The README prominently advertises autonomous posting, scheduling, video generation, and comment posting, but does not provide clear warnings that the skill can perform real external actions on connected social media accounts. This is especially risky in a social autoposting skill because users may enable it without understanding that normal agent interaction could result in public posts, comments, or scheduled account activity with reputational and account-security consequences.

Vague Triggers

Severity: Medium
Confidence: 88%

Finding: The trigger phrase "Post now" is extremely broad for a skill with autonomous cross-platform publishing. It could be activated by ordinary conversation, quoted text, or indirect prompt content, causing unintended posting to public accounts and reputational or business harm.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The trigger "Generate video" is ambiguous and insufficiently scoped, making accidental activation plausible in normal conversation. In this skill, video generation can prepare publishable assets and may cascade into downstream posting workflows, increasing the chance of unintended content creation or disclosure.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding: The manifest describes a "full autopilot social media engine" that automatically generates and posts across multiple platforms, but it does not define user approval steps, trigger boundaries, rate limits, or other invocation constraints. In an agent ecosystem, this ambiguity is risky because it could enable broad autonomous actions on external accounts with little operator awareness, increasing the chance of unauthorized posting, spam, reputational harm, or abuse if the skill is invoked unexpectedly.

Natural-Language Policy Violations

Severity: Low
Confidence: 83%

Finding: The description states that the skill posts to X, Instagram Reels, YouTube Shorts, and Meta/Facebook as a built-in behavior, but it does not indicate that the user can opt in or choose which platforms are enabled. That makes the capability set broader than necessary and can lead to unintended publication on third-party services, especially in multilingual or locale-sensitive contexts where posting behavior should be explicitly user-directed.

VirusTotal

64/64 vendors flagged this skill as clean.