ClawHub

Panews Creator

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at legitimate PANews publishing, but it needs review because it can use a browser session token for account-changing actions and has broad implicit triggers plus no CLI-level delete confirmation.

Install only if you intend to let the agent manage PANews creator content. Use an environment variable or credential store for PA-User-Session rather than pasting it into chat or command history, confirm the target column/article before any create, submit, update, or delete action, and be especially careful with delete because the CLI does not enforce a second confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example triggers include broad natural-language phrases like "Help me publish this article" and "Upload this cover image and find tags for my draft," which can match ordinary user requests without clearly constraining that the PANews skill should only activate for authenticated PANews workflows. In a skill that can create, update, submit, or delete content, overbroad activation increases the risk of the agent invoking privileged publishing actions in the wrong context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger intent "I want to publish an article / help me submit" is ambiguous and lacks platform-specific scope, making it possible for generic publishing or writing requests to activate this PANews skill. Because this skill supports authenticated state-changing actions, accidental invocation could expose draft metadata, perform unwanted submissions, or steer users into supplying sensitive session tokens unnecessarily.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger 'User wants to check submission status or see their articles' is broad enough to match common article-related requests that may not specifically indicate the user wants this management workflow. In a skill that can enumerate drafts, rejected content, and other article metadata using a live session token, over-broad activation can cause unintended access or disclosure of account data and may steer the agent into taking actions the user did not clearly request.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to match common conversational requests like "Check this for me" or "Are there any issues with this article," which can cause the skill to activate unintentionally outside a clearly scoped PANews article-polishing context. In an agent environment, overbroad activation can lead to workflow misrouting, unintended handling of arbitrary user content, and accidental transitions into adjacent publishing workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The `delete-article` command performs an irreversible authenticated remote delete immediately after argument parsing, with no confirmation, dry-run mode, or safety interlock. In an agent skill context, this increases the risk of accidental destructive actions from prompt confusion, argument mistakes, or unintended tool invocation.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal