Social Post Generator Agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it reads a user-provided article file or URL and prints social post drafts, with no evidence of hidden posting, credential theft, or persistence.

Install if you want a shell-based helper that reads content you provide and fetches URLs you provide. Do not pass private files, internal network URLs, localhost/cloud metadata endpoints, or URLs containing tokens unless you intend that runtime to read or request them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises shell-based execution capability via scripts and a required binary (`curl`) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke the skill without realizing it can execute commands and make network requests, increasing the risk of unintended code execution pathways or unsafe deployment in restricted environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that the skill fetches content from URLs but does not clearly warn users that invoking it may cause outbound network access. In agent environments, undisclosed network egress can expose sensitive URLs, enable SSRF-style access to internal resources if inputs are not constrained, or violate execution policies where external communication must be explicit.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script will automatically make an outbound network request when the input looks like a URL, but it does not clearly warn the user that remote content will be fetched. This can expose the user's IP address, trigger access to internal or sensitive endpoints if untrusted input is supplied, and create privacy or SSRF-style concerns in environments where the agent may have broader network reach than the user expects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script makes outbound HTTP requests to any user-supplied URL with curl and gives no explicit warning or consent prompt before transmitting data to a remote host. In an agent/skill context, this can trigger unintended network access, expose internal-only URLs to probing (SSRF-style behavior), and leak usage metadata such as IP address and user agent to attacker-controlled servers.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs network requests to arbitrary user-supplied URLs without explicit notice, validation, or restrictions. In an agent or automation context, this can enable SSRF-style access to internal services, unexpected data egress, or contacting attacker-controlled infrastructure simply by passing a crafted URL.

VirusTotal

60/60 vendors flagged this skill as clean.
