Ghost CMS Agent

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Ghost CMS helper that uses a Ghost admin key to list, create, update, publish, and tag content, with no hidden persistence or unrelated behavior found.

Install only if you intend to let the agent operate on a Ghost site with Admin API authority. Use a dedicated integration key, keep it out of logs and shell history, prefer environment variables or a secret manager, test against staging first, and avoid --publish or --id updates unless you are ready to change live content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill invokes shell scripts but does not declare corresponding permissions, which hides its execution capabilities from users and any permission-gating system. In a skill that also uses authenticated Ghost Admin API credentials, undeclared shell access increases the chance of unexpected command execution and weakens reviewability and containment.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The documented behavior understates the actual administrative capabilities by omitting operations such as updating posts by ID and listing posts through the Admin API. This mismatch can cause users or policy systems to grant access under an incomplete understanding, which is particularly risky because the skill holds credentials that can modify live site content.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill description says it can manage Ghost content, but it does not clearly warn that authenticated Admin API actions can immediately publish content and create tags. In context, this makes the skill more dangerous because a user may treat it like a low-risk content utility when it can perform irreversible or publicly visible changes on a production CMS.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The configuration instructions present the Ghost Admin API key directly without labeling it as a sensitive secret or giving handling precautions. This is dangerous because users may paste production credentials into insecure environments, logs, screenshots, shell history, or shared sessions, enabling unauthorized administrative access to the CMS.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script accepts the Ghost Admin API key via the --api-key command-line option, which can expose the credential through shell history, process listings, audit logs, and job runner metadata. In this skill's context, the key grants authenticated administrative access to Ghost content, so accidental disclosure could allow unauthorized post listing and potentially broader CMS actions depending on key scope.

VirusTotal

66/66 vendors flagged this skill as clean.