ClawHub

Content Marketing

Security checks across malware telemetry and agentic risk

Overview

This content marketing skill is benign: it provides marketing guidance and optional local note storage with user consent, with no evidence of hidden execution or external data sharing.

Install this if you are comfortable with an agent optionally keeping local content strategy, brand voice, calendar, and draft notes in ~/content-marketing/. Decline storage for one-off ideation, and delete that folder later if you want to remove saved data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence
91% confidence
Finding
This markdown file directs the agent to create `~/content-marketing/memory.md` and `~/content-marketing/calendar.md`, and later to update fields like `last` on each use. Because these actions affect user files, the skill description should disclose that it will write to the local filesystem so users understand the data-modifying behavior.

External Transmission

Medium
Category
Data Exfiltration
Content
- Content ideas in `~/content-marketing/content-bank/`

**This skill does NOT:**
- Send data to external services
- Access files outside `~/content-marketing/`
- Create files without explicit user permission
- Collect or transmit analytics
Confidence
70% confidence
Finding
Send data to external

Exfiltration Commands

High
Category
Prompt Injection
Content
- Content ideas in `~/content-marketing/content-bank/`

**This skill does NOT:**
- Send data to external services
- Access files outside `~/content-marketing/`
- Create files without explicit user permission
- Collect or transmit analytics
Confidence
90% confidence
Finding
Send data to external

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal