BrewPage Publish

Security checks across malware telemetry and agentic risk

Overview

This is a coherent publishing skill, but its broad triggers and public upload behavior create a real risk of unintentionally exposing local content.

Install only if you intentionally want an agent to publish selected content to brewpage.app. Before using it, verify the exact file, directory, ZIP, or text being uploaded, avoid secrets or personal data, consider password protection, and keep ./brewpage-history.md private and out of git because it contains deletion tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The natural-language triggers are broad enough that routine phrases like 'publish this' or 'deploy this directory' could invoke the skill unexpectedly, causing the agent to upload local content to a public hosting service. In this skill's context, unintended invocation is especially risky because the action is externally networked and results in public exposure of user-provided files or text.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README promotes publishing content publicly and mentions saving an owner token to a local history file, but it does not prominently warn users that uploaded data becomes publicly accessible and that the token file is sensitive local state. In this context, insufficient disclosure increases the chance that users publish sensitive files or mishandle the owner token, leading to privacy loss or unauthorized deletion if the token file is exposed.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger list is very broad and includes generic phrases like "publish," "share link," and "upload," which can cause the skill to activate in contexts where the user did not specifically intend to send data to brewpage.app. In a publishing skill that transmits user content externally, accidental invocation materially increases the risk of unintended public disclosure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The description emphasizes convenience and instant hosting but does not prominently warn that content is being made publicly accessible on an external service. Given the skill's purpose is publication and it can handle files and directories, missing an up-front public disclosure warning creates a substantial risk that users expose sensitive data unintentionally.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
PAYLOAD=$(jq -n --arg c "$CONTENT" '{content: $c}')
PASS_H=()
[ -n "$PASSWORD" ] && PASS_H=(-H "X-Password: $PASSWORD")
RESPONSE=$(curl -s -X POST "https://brewpage.app/api/html?ns={ns}&ttl={days}&format=markdown" \
  -H "Content-Type: application/json" \
  "${PASS_H[@]}" \
  -d "$PAYLOAD")
Confidence: 98%

VirusTotal

64/64 vendors flagged this skill as clean.
