One-click generation of high-engagement copy and visual covers

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates social media copy and local HTML cover files; it involves local file creation and a folder-opening convenience step that users should understand.

Install this if you want an agent to generate social media copy and local HTML cover pages. Before running it, confirm the output folder, treat generated files as persistent local artifacts, and ask the agent not to run the folder-opening command unless you want that UI action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs writing HTML files into a fixed local workspace path, which is a real file-write capability, but this side effect is not declared via permissions or clearly surfaced in the metadata. Undeclared write behavior reduces user awareness and weakens trust boundaries, especially when combined with automation instructions that imply mandatory filesystem changes.

Description-Behavior Mismatch

Low
Confidence
78% confidence
Finding
Automatically opening the local output directory after completion is an unnecessary side effect for a content-generation skill and may surprise users. Although low severity by itself, it normalizes automatic local UI actions and can become more concerning when paired with other hidden filesystem or command-execution behaviors.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill includes an instruction to execute a shell command (`open ...`) to launch Finder, which introduces command-execution behavior beyond the core need of generating text and HTML. Even though the shown command is simple, embedding shell execution in a skill broadens the attack surface and can be abused if path components ever become user-influenced or if similar patterns spread elsewhere.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs the agent to write files into a fixed directory and automatically open that directory, but this operational behavior is not transparently disclosed in the user-facing description. Hidden or under-disclosed local side effects can mislead users about what the skill will change on disk and undermine informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.
