Social Post Generator

Security checks across malware telemetry and agentic risk

Overview

This skill drafts social posts from user-provided URLs or text files, and its network/file access is expected for that purpose.

Install only if you are comfortable running small shell scripts that use curl. Provide public article URLs or non-sensitive text files, avoid localhost/private/internal URLs and credential-bearing links, and review the generated posts before publishing because the skill only drafts content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill advertises executable shell scripts and requires `curl`, but does not declare corresponding permissions or clearly scope what the scripts are allowed to access. In practice this can lead to under-reviewed execution and network behavior, especially since the skill accepts URLs and may fetch remote content, increasing the chance of unintended command execution or outbound data access.

Missing User Warnings

Low
Confidence: 89%
Finding
The skill states that it uses `web_fetch` to extract content from URLs but does not warn users that provided URLs may cause outbound network requests and transmission of user-supplied targets. This creates a transparency and trust issue and can become more serious if sensitive internal URLs or private content are passed to the skill.

Missing User Warnings

Low
Confidence: 91%
Finding
The script will automatically fetch any user-supplied URL with curl, causing a network request to a third-party host without an explicit consent prompt or warning at execution time. This can leak sensitive URLs, trigger access to internal or private endpoints if the input is attacker-controlled, and create privacy/SSRF-style risk in environments where the skill runs with network access.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script accepts an arbitrary user-supplied URL and automatically fetches it with curl, but provides no warning, confirmation, or restriction around outbound network access. This can leak the fact that the agent accessed a URL, trigger requests to attacker-controlled infrastructure, and in agent/runtime contexts may enable SSRF-style access to internal services or metadata endpoints if the environment has network reachability.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script fetches arbitrary user-supplied URLs with curl and follows redirects, without warning the user that network requests will be made and that request metadata such as IP address and User-Agent will be disclosed to remote hosts. In an agent skill context, this is more dangerous because it can be triggered on attacker-controlled URLs, enabling SSRF-style access to internal services or unintended outbound requests from a trusted environment.

VirusTotal

63/63 vendors flagged this skill as clean.