B2C Mobile App Marketing Coach

Security checks across malware telemetry and agentic risk

Overview

This marketing skill appears purpose-related, but it expands from coaching into posting automation, local media processing, scheduling, file movement, and third-party API use without enough visible scoping or consent boundaries.

Review carefully before installing. Only use it with accounts and API keys you are willing to let an agent post through, require confirmation before any post or schedule is created, inspect exact source and destination paths before media is moved, and avoid enabling cron/background scheduling unless you understand how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The workflow explicitly instructs the agent to perform local media processing, scheduling, cron setup, and file-moving operations, which materially expands the skill from advisory/coaching into autonomous system activity. This is dangerous because it can trigger local command execution and filesystem changes without clear user confirmation or scope boundaries, increasing the chance of unintended side effects.

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
The manifest markets the skill as a marketing coach, but the body authorizes end-to-end posting automation and local operational tasks. This mismatch is risky because users may grant trust based on a benign description while the skill actually performs higher-risk actions such as external posting, local processing, and automation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill directs the agent to move posted videos into a local folder without warning that local files will be modified. Silent filesystem changes are dangerous because they can disrupt user workflows, break references, or cause data handling surprises without informed consent.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The ffmpeg example instructs local subprocess execution to inspect media content without any safety notice or confirmation step. Running local shell commands is risky because it expands the attack surface to command execution, dependency issues, and unintended processing of local files.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill instructs use of an API key from environment variables and transmission to an external service without clearly warning about credential use and data exfiltration boundaries. This is dangerous because users may not realize their local media, captions, account IDs, and scheduling metadata are being sent to a third party under an environment-scoped secret.

VirusTotal

64/64 vendors flagged this skill as clean.
