ClawHub

Multi Platform Crosspost

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent blog cross-posting workflow, but it can automatically publish and redistribute content through several external services with weak webhook scoping.

Install only if you intend this n8n workflow to publish or prepare public marketing content automatically. Move secret validation before any blog-admin fetch, use a long rotated webhook secret plus network/IP restrictions, add a manual approval or dry-run step before public posting, and use least-privilege credentials and test accounts first. Do not use it on private drafts or content containing secrets, personal data, or unpublished business information unless you remove or gate the OpenAI, email, Slack, and posting steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The webhook-triggered workflow fetches content from the internal blog admin API before validating the shared secret. That means any unauthenticated caller can trigger authenticated internal API requests and downstream processing attempts, enabling unauthorized use of the workflow as a proxy and potentially causing information disclosure or resource abuse depending on how the admin API behaves.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill clearly automates publication to multiple third-party platforms and sends content through APIs and email, but the user-facing description does not prominently warn about this outbound transmission or the consequences of triggering it. That omission can cause users to run the skill without realizing it will distribute content externally, increasing the risk of unintended publication, data leakage, or reputational harm from accidental posting.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow sends article body content to OpenAI for transformation without any consent gate, classification check, or minimization step. If drafts, proprietary text, secrets, or embedded personal data enter the blog content source, that data is automatically transferred to a third-party AI provider.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow automatically publishes generated content to external platforms after only a shared-secret webhook check, with no human approval step or per-platform confirmation. A bad trigger, compromised secret, or poisoned source post could cause unauthorized public publication across company channels, creating reputational and data exposure risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
Untrusted article content is propagated into multiple external sinks including AI, Slack, and email, creating a broad natural-language exfiltration path. If a post contains sensitive text, prompt-injection content, internal links, or confidential material, the workflow amplifies that data into several services and recipients automatically.

Ssd 3

Medium
Confidence
94% confidence
Finding
The prompt construction explicitly instructs the model to ingest article content and produce derivative outputs for many channels, increasing the blast radius of any embedded sensitive or malicious text. This makes accidental disclosure more likely because one source document is transformed and redistributed into several destinations automatically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal