XHS Viral Content Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is a local content-draft generator whose data flow is disclosed: the files you select are sent to the configured model provider, so the privacy risk is expected rather than hidden.

Install only if you are comfortable sending the files you choose, and any optional history file, to your configured LLM provider. Avoid using sensitive private documents, verify the endpoint and API key scope, review drafts before publishing, and convert PDFs to text first because native PDF extraction is not actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 91%

Finding
The skill declares no permissions even though its documented behavior requires reading local files, writing outputs, reading environment variables, and sending content over the network to an external LLM provider. Users and platforms therefore cannot assess the data exposure and capability surface before execution, which undermines informed consent.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 95%

Finding
The documented purpose and the observed behavior do not fully match: the skill sends local content to an external LLM service, may read a publishing-history file, and appears to lack some claimed functionality, such as PDF extraction and true automatic mode matching. Such mismatches are security-relevant because users may hand over sensitive local documents under false assumptions about what the tool does and where the data goes.

Ssd 3
Severity: Medium
Confidence: 95%

Finding
The script embeds raw source material and publishing history directly into the LLM prompt, then sends that prompt to an external API. If the source or history contains sensitive, proprietary, or personal data, the model may process and potentially reproduce that information in its outputs, causing confidentiality loss. The risk is elevated because the skill is explicitly designed to ingest arbitrary files and folders, so nothing in its design limits what can end up in the prompt.
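The Overview advice (pin the endpoint, skip PDFs, keep sensitive documents out) and the Ssd 3 finding (raw files and history land in the prompt unfiltered) both point at the same missing control: a gate between the local files and the provider request. The following is an added example written for this page; it is not code from the XHS Viral Content Factory skill or from SkillSpector. ALLOWED_HOSTS, the redaction patterns, and the sample files are constructed for the demo; substitute the endpoint you actually verified and the secret formats relevant to your environment.

```python
"""Pre-flight gate for a local-to-LLM skill: control what leaves the machine.

Added example, not code from the skill or the scanner. It encodes the page's
advice: allow only a verified HTTPS provider host, refuse PDFs because the
skill has no PDF extraction, and redact secrets and contact details before
file contents or publishing history are embedded in a prompt.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Provider hosts the operator has verified. Constructed placeholder host.
ALLOWED_HOSTS = {"api.example-llm.test"}

# Only plain-text formats are accepted; everything else is reported, not sent.
TEXT_SUFFIXES = (".md", ".txt")

# Conservative patterns: a false positive costs a manual review, a miss costs a leak.
REDACTIONS = [
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED_PRIVATE_KEY]"),
    (re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"), "[REDACTED_API_KEY]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY]"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[REDACTED_EMAIL]"),
]


def endpoint_allowed(url: str) -> bool:
    """True only for HTTPS endpoints whose host is on the verified list."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS


def redact(text: str) -> Tuple[str, Dict[str, int]]:
    """Replace secret- and PII-looking tokens; return the text and per-label counts."""
    counts: Dict[str, int] = {}
    for pattern, label in REDACTIONS:
        text, n = pattern.subn(label, text)
        if n:
            counts[label] = n
    return text, counts


def gate_files(files: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Decide per file whether it may be sent. Returns (redacted files, report lines)."""
    accepted: Dict[str, str] = {}
    report: List[str] = []
    for name, content in files.items():
        lower = name.lower()
        if lower.endswith(".pdf"):
            report.append(f"{name}: skipped, PDF extraction is not implemented; convert to text first")
            continue
        if not lower.endswith(TEXT_SUFFIXES):
            report.append(f"{name}: skipped, not an approved text format")
            continue
        clean, counts = redact(content)
        accepted[name] = clean
        report.append(f"{name}: sent" + (f" after redacting {counts}" if counts else " unchanged"))
    return accepted, report


def build_prompt(accepted: Dict[str, str], history: Optional[str] = None) -> str:
    """Assemble the provider-bound prompt from gated content only; history is redacted too."""
    parts = []
    if history:
        parts.append("Publishing history:\n" + redact(history)[0])
    for name, text in accepted.items():
        parts.append(f"Source {name}:\n{text}")
    return "\n\n".join(parts)


# Constructed sample inputs: one draft with a contact address and a staging key,
# one PDF that must be refused, one harmless note.
SAMPLE_FILES = {
    "draft.md": "Launch notes. Contact maria@corp.example for access.\n"
                "Staging key: sk-abcdefghijklmnopqrstuvwxyz123456\n",
    "deck.pdf": "%PDF-1.7 ... binary ...",
    "notes.txt": "Three hooks for the opening line.\n",
}


def main() -> None:
    endpoint = "https://api.example-llm.test/v1/chat/completions"
    if not endpoint_allowed(endpoint):
        raise SystemExit(f"refusing to send anything to unverified endpoint {endpoint}")
    accepted, report = gate_files(SAMPLE_FILES)
    print("\n".join(report))
    print("---")
    print(build_prompt(accepted, history="Posted 2 drafts; feedback from lee@corp.example"))


if __name__ == "__main__":
    main()
```

The report lines are what you would show the user before the request is made, which is the consent step the Lp3 finding says is missing; the redaction is a backstop, not a substitute for keeping genuinely sensitive documents out of the input folder, since no pattern list catches every secret.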

VirusTotal

66/66 vendors returned a clean verdict for this skill. A clean malware result does not address the findings above, which concern the skill's intended data flow (local files and history sent to an external provider) rather than malicious code.
