Blog Content Publish
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed publishing workflow for misonote.com with expected authentication and public content changes, plus a disclosed ClawHub sync command that users should run deliberately.
Install only if you intend an agent to publish or update content on misonote.com and possibly sync repository skills to ClawHub. Verify the npm package source, confirm the active account with whoami, review dry-run output, and approve the exact posts, uploads, or skills before running real publish, update, upload, or sync-all commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.