Security audit

KDP Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with KDP publishing, but it gives agents under-scoped instructions for live Amazon account actions, uploads, and ad spending.

Install only if you are comfortable with an agent helping on live KDP publishing workflows. Before any browser automation, require manual confirmation for every upload, metadata/category change, pricing step, submission, and Amazon Ads budget or launch. Use a limited Google AI API key, avoid passing secrets in prompts or shell history, and do not send unpublished confidential content to Google services unless that is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The validator automatically harvests Google AI credentials from the environment and from a local credentials file even when the user did not explicitly pass an API key. In a local validation tool, implicit credential discovery expands the script's authority and can cause unintended use of sensitive credentials, especially because the same script can transmit image data to an external AI service when that feature is enabled.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger conditions are broad enough that the skill may activate for many publishing- or book-related requests without clear boundaries or exclusions. Over-broad activation increases the chance an agent applies account-upload, automation, or credential-handling behavior in contexts where the user only wanted advice or brainstorming.

Missing User Warnings

Medium
Confidence: 95%
Finding
This section provides detailed browser automation steps for populating KDP fields and uploading files to Amazon without any user-facing warning that the behavior transmits data and can affect a real publisher account. In context, the skill is specifically designed to drive a production publishing workflow, so silent or poorly-signaled automation could cause unintended submissions, metadata changes, or account actions.

Missing User Warnings

Low
Confidence: 89%
Finding
The skill tells users to supply an API key via environment variable, CLI flag, or local credential file, but it does not warn about secret exposure or safe handling practices. In an agent context, this can lead to credentials being stored in insecure locations, echoed in logs, or passed through command histories and prompts.

Missing User Warnings

Medium
Confidence: 90%
Finding
User-supplied prompts are sent to Google Gemini/Imagen services, but the tool provides no explicit privacy notice or consent checkpoint before transmitting potentially sensitive content to a third party. In an agent-skill context, users may assume local-only processing, so silent external transmission increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
When image text checking is enabled, the script uploads local image contents to Google's Gemini service but does not present a strong user-facing disclosure at the point of transfer. For publishing workflows, images may contain unpublished or sensitive creative content, so silent external transmission creates a real privacy and data-handling risk.

Missing User Warnings

Low
Confidence: 88%
Finding
The script reads a local credentials file under the user's home directory without clearly notifying the user that filesystem-based credentials will be accessed. This is not credential exfiltration by itself, but it is a transparency and least-surprise issue that can lead to unintended account usage.

VirusTotal

66/66 vendors flagged this skill as clean.