ClawHub

Seo Blog Writer

Security checks across malware telemetry and agentic risk

Overview

This SEO writing skill appears legitimate, but it asks agents to use broad execution authority that is not tightly scoped to the declared writing workflow.

Review before installing. Use it only in a dedicated project folder with an explicit output_dir, avoid granting full subagent execution unless you accept broad command authority, and expect it to crawl provided domains and competitor pages before producing local article files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Scope Creep

High
Confidence
97% confidence
Finding
The skill explicitly instructs subagent execution with `security: "full"` and references `curl`/exec-based operations, while the manifest only declares `disk_write`. That creates a permission mismatch and can cause the skill to run with broader capabilities than users or policy expect, increasing the blast radius if the workflow or any fetched content is abused.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill promises that nothing will be written until user confirmation, but then instructs automated/subagent mode to save a discovery summary before that confirmation. This violates the documented trust boundary and can lead to unintended disk writes, including to user-configurable paths, before consent is granted.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary writing requests, making accidental invocation of a high-capability, disk-writing automation skill more likely. Unintended activation is especially risky here because the skill performs autonomous multi-phase actions, web access, and file creation with minimal additional gating.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal