ClawHub

LinkedIn Post Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed pay-per-use LinkedIn post generator, but users should understand it contacts SkillPay and a local OpenClaw/Sloan agent when run.

Install only if you are comfortable with a pay-per-use tool that may contact SkillPay before generation and pass your topic to OpenClaw/Sloan or a localhost gateway. Use --test to avoid payment while trying it, and use a trusted OpenClaw installation and dependency source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill advertises no explicit permissions, yet it documents access to environment variables such as payment and gateway tokens. This creates hidden capability beyond simple content generation and can mislead users or platforms about the skill's access needs, increasing the risk of unintended secret exposure or unauthorized use of local integration tokens.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is LinkedIn post generation, but the skill also introduces billing behavior, external payment interactions, and mentions an embedded merchant key by default. This mismatch is dangerous because users may invoke a seemingly simple content tool without understanding it can contact unrelated external services or rely on hardcoded payment credentials, expanding the attack surface and creating financial and secret-management risk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill’s stated purpose is LinkedIn post generation, but it also performs external billing, which is a materially different capability with financial consequences. Hidden or under-disclosed charging behavior can mislead users, create unauthorized payment risk, and expands the trust boundary beyond what the manifest describes.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The skill spawns a local CLI subprocess to invoke `openclaw`, which introduces an execution capability beyond simple content generation. Even though arguments are passed as an array rather than shell-interpolated, invoking an external binary increases attack surface, depends on local PATH integrity, and is not obviously necessary from the declared skill behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that payment is handled automatically via an embedded merchant key, but it does not clearly warn users when charges occur, how often they may be billed, or what financial consequences normal use can trigger. In a CLI skill that can be invoked repeatedly, insufficient disclosure around automatic billing can mislead users into incurring unexpected charges and normalizes unsafe payment practices such as embedding merchant credentials.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code transmits billing-related data to an external payment API, but the file’s behavior does not provide clear pre-charge disclosure or an explicit confirmation step immediately before transmission. This creates consent and transparency risks around financial operations, especially in an agent skill context where users may not expect networked payment side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User-supplied topic content is sent to a local/remote agent service without a clear privacy warning or data handling disclosure. Topics may contain sensitive professional or personal information, and forwarding them to another service without notice can violate user expectations and leak data outside the immediate tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal