Poetize Blog Automation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent blog automation skill, but it needs Review because it can publish or change a live blog, configure payment settings, and automatically upload referenced local files without tight path limits.

Install only if you trust the publisher and are comfortable giving the skill an API key that can administer your POETIZE blog. Use a staging blog first, keep the API key out of source control and chat transcripts, review every mutating command before it runs, avoid paymentConfigFile unless intentionally configuring payments, and set uploadLocalImages:false or inspect all Markdown image paths before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The publish script includes payment-plugin inspection, configuration, activation, and connection-testing logic, which materially exceeds the declared blog-post publishing scope. In a skill context, this expands authority from content management into server-side payment infrastructure management, increasing the blast radius if the skill is invoked with a privileged API key and local config path.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
When paid publishing is requested, the workflow can read a local JSON file and send its contents to remote endpoints to configure and activate a server payment plugin. This can exfiltrate sensitive local secrets from the operator environment and modify server payment settings, which is especially dangerous because it is embedded in an otherwise routine article-publishing flow.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The skill enables implicit invocation while its default prompt describes a very broad set of high-impact blog administration actions, including publishing, hiding content, changing themes, and modifying SEO. Without tighter trigger constraints or explicit confirmation boundaries, a model could invoke this skill from loosely related user requests and perform unintended administrative operations on the blog.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The guide explicitly tells users to place a live POETIZE API key into plaintext JSON and environment files, but provides no warning about credential sensitivity, storage risks, or access controls. In an agent/IDE context, these files are often broadly readable by local tools, extensions, logs, backups, or source control, increasing the chance of credential leakage and unauthorized blog administration.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The guide encourages smoke tests, publishing, and image upload workflows that modify remote blog state, but does not clearly warn users that these actions can publish content, upload files, or alter production data. In an autonomous agent setting, unclear boundaries around mutating operations increase the risk of unintended posts, content changes, or asset uploads to a live site.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The reference states that local Markdown and HTML image paths are automatically uploaded to a remote API before publish/update, but it does not require an explicit user confirmation or clear warning that local files will leave the machine. In an agent setting, this can cause unintentional exfiltration of sensitive local files if a prompt, draft, or crafted content references private paths.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation instructs users to provide payment-plugin credentials such as user IDs and API tokens, but does not include handling guidance for secrets in an agent workflow. That increases the risk of exposing credentials through chat transcripts, logs, brief files, or accidental reuse in prompts and generated artifacts.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script automatically resolves and uploads local image references found in Markdown/HTML content, sending file contents to the remote API by default. Because this behavior is implicit and can follow relative or file:// paths, a user or upstream agent could unintentionally cause disclosure of local files bundled near the article content.

VirusTotal

65/65 vendors flagged this skill as clean.
