x-recap

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed X recap helper that uses local browser automation and screenshots for its stated purpose, with no artifact-backed evidence of exfiltration or destructive behavior.

Install this if you want an agent to open X pages, capture screenshots, and summarize specified accounts. Review the skill's trigger wording and output-language rules so it only runs when you intend X-specific monitoring, and avoid using it with private browser sessions unless you are comfortable with local screenshots being created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is broad enough to trigger on many generic 'track' or 'recap X posts' requests, increasing the chance the agent invokes this skill when the user did not intend browser automation, screenshot capture, or cron-related workflows. Overbroad routing can cause unintended collection of account content, unnecessary external access, and prompt/behavior hijacking through irrelevant skill activation.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The output rules prescribe Chinese-language responses and specific formatting regardless of user preference, which can override higher-level user instructions and create prompt-scope conflicts. While not directly enabling code execution, this is a real policy/control issue because it can cause the agent to disregard user language choice and produce misleadingly constrained outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
