ClawHub

Social Poster

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to post social media content, but it embeds a reusable posting API key and can send text to an external service without a built-in confirmation step.

Install only if you trust the publisher and are comfortable with approved text being sent to the disclosed VibePost/Replit endpoint for possible public posting. The embedded API key should be removed and rotated, and the skill should require an explicit preview and confirmation with the exact text and target platform before any post is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation says this skill posts via the VibePost API, but the actual endpoint and authentication header reference a different 'quack' namespace and a Replit-hosted service. This mismatch is dangerous because users and downstream agents may trust the documented branding while unknowingly sending authenticated content to an unexpected third-party endpoint, increasing the risk of credential misuse, unauthorized posting, or data exfiltration.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad and generic, such as 'tweet' and 'share update', which can cause the skill to activate in situations where the user did not intend to publish content. In a posting skill, accidental activation is especially risky because it can perform irreversible external actions using authenticated credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description does not clearly warn that it will publish content to an external social media service using an authenticated API. In this context, the missing warning makes the skill more dangerous because users may not realize that invoking it can immediately send public content through a credentialed external service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends user-supplied text directly to a remote API that is explicitly used to publish social media content, but it provides no warning, confirmation, preview, or disclosure to the user before transmitting and potentially posting that content. In an agent-skill context, this is dangerous because a prompt, tool chain, or mistaken invocation could cause unintended public posting or exfiltration of sensitive text to a third-party service without the user's informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal