One Click Posting

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed posting workflow skill that creates local publishing packets and requires explicit user approval before live posting.

Install only if you are comfortable with an agent preparing public posts and retaining local publishing records. Keep body, cover, packet, screenshot, and archive paths inside a workspace you control, and require a fresh explicit confirmation before any platform publish or update action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 76%
Finding: The skill instructs local file reads and writes to absolute paths and creates artifacts such as publish packets, archives, and memory entries, yet no explicit permission model is declared. In an agent environment, undeclared file access weakens trust boundaries and can lead to unintended access to sensitive local content or writes into important workspace locations if the skill is invoked broadly.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The skill presents itself as a one-click end-to-end posting pipeline, including approval gates, publishing, screenshots, and archival, but the described implementation only builds local packets and performs local validation. This mismatch is security-relevant because users or downstream agents may rely on claimed safeguards and execution steps that do not actually occur, creating a false sense of control, auditability, and completion.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The trigger phrases are very broad, such as requests equivalent to 'post directly' or 'sync across platforms,' which overlap with ordinary user intents. In a tool-using agent, overly broad activation can cause this skill to engage in situations the user did not specifically intend, especially because the skill includes file operations and a workflow that may prepare publishing artifacts automatically.

VirusTotal

65/65 vendors flagged this skill as clean.