ClawHub

Ai Social Media Manager

Security checks across malware telemetry and agentic risk

Overview

This looks like a coherent social-media automation skill, but it asks users to store powerful account credentials in a plaintext agent-readable file and under-discloses posting risks.

Install only after treating it as a Review item: do not paste passwords or session cookies into TOOLS.md, prefer scoped API tokens kept in a secret manager or environment variables, and require manual review before any real posting, auto-reply, or bulk engagement. The artifacts do not show malicious exfiltration or destructive behavior, but the credential handling and public-action safeguards are under-specified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes automated replying and engagement actions on public social platforms without mentioning confirmation gates, draft review, rate limits, or safeguards against incorrect or harmful responses. In this context, the skill can trigger unintended public actions, reputational damage, spammy behavior, or platform policy violations if users enable automation blindly.

Missing User Warnings

High
Confidence
97% confidence
Finding
The credential setup instructs users to place usernames, cookies, passwords, and API tokens into TOOLS.md, which encourages storing sensitive secrets in a documentation-style file that may be readable, committed to source control, or exposed to other tools. Including cookies and passwords is especially dangerous because compromise could allow account takeover and unauthorized posting across multiple platforms.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automated replies and asks users to place social-media credentials directly into TOOLS.md, but it does not warn about privacy risks, account takeover exposure, unintended posting, or platform-policy violations. In the context of a social-media automation skill, these capabilities can directly act on public accounts and private messages, so missing safety guidance materially increases the chance of harmful or unauthorized actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents storing platform credentials in TOOLS.md and exposes automation capabilities for posting, reading comments, and analytics across multiple social platforms, but it provides no guidance on secure secret handling, scope minimization, consent, rate limits, or account-safety implications. In an agent skill context, this omission can lead users to place live credentials in insecure locations and enable high-impact automated actions against real accounts without understanding operational or policy risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal