ClawHub

social-content

Security checks across malware telemetry and agentic risk

Overview

This social-media skill mostly matches its purpose, but it needs Review because it asks for a sensitive API key and describes broad publishing and scraping workflows without clear user approval or data-sharing guardrails.

Install only if you are comfortable using a SkillBoss API key with social-content workflows. Treat the skill as draft-only unless you explicitly approve each post, destination account, platform, and scheduled time. Before using the scraper guidance, confirm you are allowed to collect the target content and that doing so complies with platform rules, privacy expectations, and copyright obligations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill's stated purpose is social content creation/scheduling, but it also directs the agent to perform large-scale third-party scraping via an external API. This expands the operational scope into data collection and external transmission without clear necessity, increasing privacy, compliance, and misuse risk.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Embedding a web-scraping capability in a general social-content skill gives the agent access to collect arbitrary third-party content beyond what is needed for normal drafting or scheduling assistance. Because the capability is not tightly scoped, users may trigger external scraping unintentionally or use the skill for bulk surveillance/competitive intelligence collection.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The manifest uses very broad trigger terms such as general references to social media, engagement, and platform names, which increases the chance the skill is invoked for routine discussion rather than intentional tool use. Over-broad activation matters here because the skill also describes external publishing and scraping capabilities, so accidental invocation can expose users to unintended actions or disclosures.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill states it has direct access to a scheduling/publishing platform, but it does not instruct the agent to warn the user when content may be sent to external services or posted on their behalf. This creates a transparency and consent gap around external transmission and potentially high-impact actions on public accounts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions recommend collecting 500-1000+ third-party social posts via a scraper API without warning about privacy expectations, platform terms, or consent boundaries. At that scale, the workflow normalizes bulk collection of others' content and metadata, which can create legal, policy, and reputational exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal