AKA SEO Wireframe

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SEO content-generation skill with optional WordPress publishing, but users should treat the deployment and auto-fix modes as live-site changes.

Install only if you are comfortable with a tool that can generate many files and, when WordPress credentials are provided, create or modify many live pages and site settings. Use a staging site and --dry-run first, provide a limited WordPress application password, revoke it after use, verify any external npx package or theme ZIP before running, and fact-check all generated content before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Description-Behavior Mismatch

Medium (79% confidence)
Finding
The auto-fix behavior expands the skill from analysis into modification of deployed content, which increases risk substantially if users expect a read-only wireframing/content tool. Unexpected write actions against a live site can alter SEO metadata, headings, schema, and media-related fields without adequate operator review, causing integrity and availability issues for published content.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The documentation grants the deployer authority to install and activate a full WordPress theme, which is a site-wide administrative action far beyond exporting generated content. In the context of a content-generation skill, this expands blast radius from page publishing to full presentation-layer control, enabling unintended site modification or abuse if invoked against a live site.

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The file describes site-wide WordPress configuration changes such as permalink updates, breadcrumb configuration, menu creation, and SEO/plugin metadata management, which exceed the expected scope of content wireframe generation/export. These actions can alter global site behavior and navigation on production systems, creating operational and security risk through over-privileged automation.

Context-Inappropriate Capability

Medium (90% confidence)
Finding
Theme installation and activation is context-inappropriate for a skill whose primary purpose is generating and deploying structured content. Because themes can execute PHP and alter the entire site's rendering and behavior, including this capability materially increases risk and privilege requirements beyond what users may reasonably expect from a content tool.

Missing User Warnings

Medium (82% confidence)
Finding
The batch mode explicitly generates and saves dozens of files to a hub directory, but the skill text does not mention confirmation prompts, dry-run behavior, overwrite protection, or backup/versioning safeguards. In an agent context, this can lead to unintended bulk filesystem modification or silent overwriting of existing content if invoked with the wrong hub or in an already-populated workspace.

Missing User Warnings

Medium (87% confidence)
Finding
The workflow includes an automated deploy step that can push content live to WordPress, yet the documentation does not prominently warn users that running automation may modify a production site. In an agent context, insufficient disclosure around live-changing actions increases the risk of accidental unauthorized publication, SEO damage, or disruptive changes to site hierarchy and content.

Missing User Warnings

Medium (91% confidence)
Finding
The orchestrator collects business contact details and indicates downstream use of WordPress credentials, but it provides no privacy, storage, or handling guidance for that sensitive data. In an agent workflow, unclear treatment of credentials and business PII can lead to over-collection, insecure persistence in config files, accidental logging, or exposure through generated artifacts and status tracking.

Missing User Warnings

Medium (93% confidence)
Finding
The library explicitly instructs users to deploy AI-generated content after only reviewing and refining it, but it does not require verification for factual accuracy, originality, legal compliance, or policy compliance. In an SEO/content-at-scale skill, this omission increases the chance that inaccurate, plagiarized, defamatory, or noncompliant material is published directly to production sites.

Missing User Warnings

Medium (90% confidence)
Finding
These batch-generation prompts encourage producing and publishing large volumes of pages and localized variants without warning about quality control, duplication, hallucinated details, or site-integrity risks. At this scale, a single bad prompt or unchecked output can propagate errors across many public pages, harming users, business credibility, and potentially search visibility.

Missing User Warnings

Medium (95% confidence)
Finding
The localization prompt tells users to replace generic content with city statistics, state laws, local business mentions, and other location-specific claims, then labels the result 'ready to publish' without requiring verification. This is risky because localized claims are especially prone to hallucination and can create false legal, statistical, or reputational statements that mislead users and expose the publisher to liability.

Missing User Warnings

Medium (89% confidence)
Finding
Documenting auto-fix capability without a clear warning about live-site modification is unsafe because operators may invoke the skill assuming it is advisory only. In a WordPress context, automated edits to production pages can unintentionally damage content structure, SEO signals, or site presentation at scale.

Missing User Warnings

Medium (95% confidence)
Finding
The --fix flag enables potentially impactful automated changes but is presented without strong safeguards, confirmation requirements, or a warning banner. Because this skill targets deployed WordPress pages and can operate across a whole site, misuse could lead to widespread unintended content changes, broken layouts, or SEO regressions.

Missing User Warnings

Medium (88% confidence)
Finding
The skill requests WordPress admin username and app password or environment variables without any explicit guidance on secure handling, storage, redaction, or least-privilege usage. In an agentic setting, normalized credential collection without safety guardrails increases the chance of accidental exposure in logs, transcripts, screenshots, or reuse in unsafe contexts.

Missing User Warnings

Medium (89% confidence)
Finding
The documentation describes creating and updating published WordPress pages on a live site but does not prominently warn that these actions can make irreversible or difficult-to-reverse production changes. In this skill context, the danger is elevated because users may perceive it as a content helper while it can directly alter navigation, hierarchy, URLs, and public-facing pages.

VirusTotal

65/65 vendors flagged this skill as clean.
