ClawHub

mar-content-draft-generator

Security checks across malware telemetry and agentic risk

Overview

This content-writing skill is mostly coherent, but it under-discloses outbound network use and a third-party Twitter/X lookup service.

Review before installing. This skill appears to help create drafts from supplied references, but installing users should assume reference URLs, Twitter/X links, and request metadata may be sent to external sites, including api.fxtwitter.com, and that generated notes may be saved locally. Avoid using private, sensitive, or access-controlled URLs unless the skill is updated to disclose and gate those actions clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Scope Creep

Medium
Confidence
96% confidence
Finding
The skill metadata claims no environment requirements, yet the workflow explicitly requires network access to fetch user-supplied URLs and to contact a third-party FxTwitter endpoint. This mismatch can bypass operator expectations and security review, causing the skill to be enabled in environments where outbound network use was not intended or properly constrained.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The security note says no external services are required, but the instructions later mandate web fetching and use of api.fxtwitter.com. This misleading assurance is dangerous because it can cause users or reviewers to underestimate privacy and data-transfer risk, especially when user-provided URLs are forwarded to a third party.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to save multiple intermediate and final artifacts to local storage without warning the user that their inputs and derived content will persist on disk. This can create unintended retention of potentially sensitive business ideas, writing strategies, URLs, or user responses, increasing exposure through later access or logs/backups.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill fetches user-supplied external URLs and rewrites X/Twitter links to a third-party API without explicitly informing the user that their requested resources will be contacted externally. This creates privacy and trust risks because referenced URLs, request metadata, and potentially session context may be exposed to remote services not expected by the user.

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 2: Content Deconstruction

1. Fetch content from all reference URLs (use web_fetch tool)
2. For Twitter/X URLs, transform to FxTwitter API: `https://api.fxtwitter.com/username/status/123456`
3. Analyze each piece following the `references/content-deconstructor.md` guide
4. Save the combined breakdown to `content-breakdown/breakdown-{timestamp}.md`
5. Report: "✓ Content breakdown saved"
Confidence
95% confidence
Finding
https://api.fxtwitter.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Transform:**
- Input: `https://x.com/username/status/123456`
- API URL: `https://api.fxtwitter.com/username/status/123456`

## Error Handling
Confidence
95% confidence
Finding
https://api.fxtwitter.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal