Tumblr Auto Post

Security checks across malware telemetry and agentic risk

Overview

This Tumblr posting skill does what it advertises in broad terms, but it ships embedded account credentials and can publish public posts without a clear user-controlled approval flow.

Only install this if you control the target Tumblr account and have replaced or revoked the embedded credentials. Prefer a version that uses your own securely stored OAuth credentials, shows the generated content and destination blog, defaults to draft or preview, and requires explicit final approval before posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill exposes shell/code execution capability through its command invocation but does not declare corresponding permissions in the manifest. This weakens user visibility and policy enforcement, making it easier for a seemingly simple content-posting skill to perform unexpected local actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior materially differs from the actual behavior: it uses hardcoded Tumblr OAuth credentials, posts to a fixed account, skips promised interactive inputs/confirmation, and generates largely fixed content. This is dangerous because users may believe they are authorizing a customized draft workflow while the skill can directly publish to an account they did not meaningfully approve.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains hard-coded Tumblr API credentials, including consumer and access tokens. Embedded secrets are highly dangerous because anyone with access to the skill can reuse them to post, impersonate the account, or abuse the associated API access outside the intended workflow.

Intent-Code Divergence

Medium
Confidence
77% confidence
Finding
The manifest says no environment variables are required, while the documentation says image generation depends on GEMINI_API_KEY. This inconsistency can cause undeclared secret usage, confuse reviewers, and bypass expected security controls around credential provisioning.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The skill executes a separate local script from another skill directory, creating a trust-boundary violation: running this tool also runs arbitrary code maintained elsewhere in the workspace. In this context, that is more dangerous because the manifest emphasizes simple Tumblr posting, not delegated code execution, so users may not expect or review the additional code path.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The skill advertises broad automatic behavior culminating in direct publication without clearly constrained triggers. In the context of a posting skill with embedded credentials and no final confirmation, overly broad invocation language increases the chance of unintended or socially engineered publication actions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Although the documentation notes automatic publication, it does not clearly explain the account-impact and third-party data-sharing risks of sending generated content to Tumblr. This is especially risky here because the skill is configured against a specific account and publishes without a second confirmation.

Missing User Warnings

High
Confidence
99% confidence
Finding
Hardcoded Tumblr OAuth consumer and access tokens expose live publishing credentials to anyone who can read the file or obtain a copy of the skill, its logs, backups, or repository history. An attacker could reuse them to post unauthorized content, access associated account capabilities, and maintain persistence until the credentials are rotated.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script transmits generated text and optional image data to Tumblr for publication without an explicit consent gate at the moment of transmission. In a skill that can generate content from user-supplied topics and auto-post, silent external publication raises privacy, data-loss, and reputational risks if sensitive or unintended content is sent.

VirusTotal

65/65 vendors flagged this skill as clean.
