youmind-beehiiv-article

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches a Beehiiv writing and publishing tool, but it also exposes destructive post deletion and an unrelated image-generation path that users should review before installing.

Review this carefully before installing. It needs access to your YouMind API key and can act on the Beehiiv account connected in YouMind, including publishing and deleting posts. Use draft mode by default, avoid invoking delete unless you intend to remove a specific post, protect ~/.youmind/config.yaml as a secret, and do not send confidential drafts or source material unless you are comfortable with YouMind, web-search providers, and Beehiiv receiving that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
The CLI exposes listing, fetching, template enumeration, updating, and deletion of Beehiiv posts, which exceeds the skill's declared purpose of writing and publishing articles. In an agent context, this broadens the action surface and can enable unintended content discovery, modification, or removal if the agent or prompting layer invokes the wrong command.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
The delete/archive command is not aligned with the advertised skill behavior and introduces an unnecessary destructive capability. In a connected publishing environment, a mistaken or manipulated invocation could remove or archive legitimate newsletter content, causing immediate integrity and availability impact.

Description-Behavior Mismatch

Severity: High
Confidence: 93%
This file implements a chat-based image generation capability that is unrelated to the stated Beehiiv article-writing/publishing scope. In an agent skill, hidden or undocumented capabilities are dangerous because they expand what the tool can do beyond user expectations and policy review, enabling unintended remote actions and content generation paths that may be triggered by prompts or orchestration logic.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
The skill context is Beehiiv newsletter authoring/publishing, but the code includes agent-mode image generation through /createChat and /listMessages. Context-inappropriate capabilities increase risk because they let the skill invoke broader AI-agent behavior than necessary, which can lead to unreviewed outputs, higher spend, prompt-driven misuse, or accidental execution of side functionality not expected in a publishing tool.

Missing User Warnings

Severity: Medium
Confidence: 93%
The README instructs users to place a live YouMind API key in a plaintext file under their home directory without warning about credential sensitivity, file permissions, or safer alternatives. If the workstation is shared, backed up insecurely, or compromised by other local processes, the key could be exposed and abused to access the connected YouMind/Beehiiv capabilities.

Missing User Warnings

Severity: Medium
Confidence: 87%
The skill strongly promotes direct publishing and research via connected services without clearly warning that draft content, source material, and metadata will be sent to external platforms such as YouMind, web-search backends, and Beehiiv. Users may unintentionally disclose unpublished or sensitive content because the transmission boundary is not made prominent at the point of use.

Missing User Warnings

Severity: Low
Confidence: 91%
The pipeline instructs saving a working draft to a local path under the user's home directory without any user-facing disclosure or consent gate. While this is not inherently malicious, it can unexpectedly persist sensitive draft content on disk, creating privacy and data-retention risks on shared or managed systems.

Missing User Warnings

Severity: Medium
Confidence: 95%
The pipeline directs the skill to mine the YouMind knowledge base, use web search, and later publish through external APIs, but it provides no explicit privacy warning about transmitting user content or context to third-party services. In a publishing workflow, source material may contain confidential drafts, internal research, or proprietary newsletter content, so silent transmission increases the chance of unintended data exposure.

Missing User Warnings

Severity: Medium
Confidence: 97%
The delete action executes immediately with only an ID, without any interactive confirmation, warning banner, or secondary verification. This makes accidental destruction much more likely, especially when the skill may be called by an autonomous or semi-autonomous agent acting on ambiguous user instructions.

VirusTotal

66/66 vendors flagged this skill as clean.