Hexo Blog with SEO

Security checks across malware telemetry and agentic risk

Overview

The skill does what a Hexo publishing helper advertises, but its instructions create a real risk of deploying a live blog update without a clear final approval.

Review this skill before installing. Use it only if you are comfortable with an agent editing your Hexo repository and potentially using configured deploy credentials. Require the agent to show the target repo path, changed files, and deploy intent, and do not permit `npx hexo deploy` unless you have just approved that specific post going live.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 97%
Finding:
The skill contains conflicting safety instructions: draft mode says not to deploy without explicit publish intent, but the later workflow says to run clean/generate/deploy whenever a post is modified or created. In an agent setting, contradictory instructions often resolve to the more concrete command sequence, which can cause an unpublished draft or unintended edits to be pushed live without the user's consent.

Intent-Code Divergence

Medium
Confidence: 98%
Finding:
This is a true vulnerability because the skill first requires explicit confirmation before going live, then overrides that safeguard with an unconditional instruction to run `npx hexo deploy` after modifying or creating a post. That contradiction can lead an agent to publish content or repository changes to the live site even when the user intended only drafting or local polishing.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill instructs the agent to create and modify Markdown files and to run `hexo deploy`, which can publish content and push changes to a remote repository, but it does not require an explicit confirmation or warn the user before taking these impactful actions. In an agent setting, this increases the risk of unintended publication, overwriting content, or deploying unreviewed material if the agent misinterprets user intent or uses an incorrect blog path.

Vague Triggers

Medium
Confidence: 79%
Finding:
The invocation language is broad enough that ordinary requests about drafting, updating Markdown, SEO polishing, or publishing could trigger the full skill, including repository writes and possible deployment behavior. In context, that increases the chance of accidental activation of high-impact actions when the user may have only wanted advice or a draft, especially given the later contradictory deploy logic.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill declares requirements for local repo access, write permissions, and deployment credentials early on, but it does not provide an equally prominent upfront warning that using the skill may modify the repository and push live changes. In a tool-using agent, that omission can prevent the user from understanding the operational risk before the skill proceeds toward destructive or externally visible actions.

VirusTotal

64/64 vendors flagged this skill as clean.
