Security audit

social-content

Security checks across malware telemetry and agentic risk

Overview

This social-content skill is mostly aligned with its purpose, but it needs review because it combines publishing authority and large-scale scraping guidance without enough consent and scope controls.

Review before installing. Only provide a SKILLBOSS_API_KEY if you understand what accounts and scraper functions it can access. Use this skill for drafting and strategy unless you explicitly approve a post preview and destination account, and avoid scraping private, protected, or unauthorized content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill explicitly instructs collecting 500-1000+ third-party posts using a scraping API, which materially expands scope from content assistance into bulk data harvesting. This creates privacy, terms-of-service, and misuse risk, especially because it operationalizes collection at scale with a concrete API endpoint and auth-backed capability.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description is broad enough to capture many ordinary requests about social media, increasing the chance this skill is invoked when users did not intend account-affecting or data-collection behaviors. Overbroad routing is dangerous here because the skill also describes direct publishing access and scraping workflows, so accidental activation can expose higher-risk capabilities.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill states it has direct access to a scheduling platform that publishes to major social networks but does not warn about external side effects or require confirmation before account-affecting actions. In context, this can lead to unintended posting, scheduling, or modification of external accounts based on ambiguous user requests.

External Transmission

Medium
Category: Data Exfiltration
Content
Gather 500-1000+ posts from your identified creators for analysis:

**Tools:**
- **SkillBoss API Hub (scraper)** — Web scraping via `POST https://api.skillbossai.com/v1/pilot` with `{"type": "scraper", "inputs": {"url": "..."}}`, requires `SKILLBOSS_API_KEY`
- **Export tools** — Platform-specific export features
- **Manual collection** — For smaller datasets, copy/paste into spreadsheet
Confidence: 89%
Finding
https://api.skillbossai.com/

Unrestricted Tool Access

Medium
Category: Excessive Agency
Content
Gather 500-1000+ posts from your identified creators for analysis:

**Tools:**
- **SkillBoss API Hub (scraper)** — Web scraping via `POST https://api.skillbossai.com/v1/pilot` with `{"type": "scraper", "inputs": {"url": "..."}}`, requires `SKILLBOSS_API_KEY`
- **Export tools** — Platform-specific export features
- **Manual collection** — For smaller datasets, copy/paste into spreadsheet
Confidence: 81%
Finding
Tools:*

VirusTotal

66/66 vendors flagged this skill as clean.