youmind-hashnode-article

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Hashnode publishing skill, but it includes under-disclosed commands that can permanently delete drafts or published posts.

Review before installing. Only use this skill if you are comfortable giving a YouMind API key that can draft, publish, list, fetch, and, through under-documented commands, delete Hashnode content. Prefer a least-privileged YouMind key if available, keep the config file private, and ask the publisher to remove or clearly document and strongly gate the delete commands before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares runnable Bash commands that can install packages, build code, and execute a Node CLI, which implies network access and environment/file access, yet it does not declare corresponding permissions. This creates a transparency and least-privilege problem: users and hosting systems may underestimate what the skill can access or do at runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates the apparent capability surface: the analysis indicates access to broader YouMind data sources, content storage, web search, image generation, and even deletion of Hashnode drafts/posts. A skill that can retrieve unrelated user data or delete remote content is materially more powerful than described, which undermines informed consent and increases risk of data exposure or destructive actions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The CLI exposes destructive `delete-draft` and `delete-post` commands even though the skill metadata describes drafting, publishing, listing, and tag lookup—not deletion. This expands the tool's authority beyond user-expected scope, increasing the chance of accidental or prompt-induced content destruction if an agent invokes these commands with a valid API configuration.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Permanent deletion of published posts is a high-risk destructive action that is not justified by the stated purpose of a writing/publishing skill. In an agent setting, undocumented destructive capabilities are dangerous because they can be triggered by misunderstanding, adversarial prompting, or misuse, leading to irreversible loss of live content.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The API client exposes removeDraft and removePost operations even though the stated skill scope is draft/publish/list/tag lookup. This scope expansion creates an undocumented destructive capability that could be invoked by an agent or future prompt flow to delete user content, increasing the risk of accidental or unauthorized destructive actions.

Description-Behavior Mismatch

High
Confidence
91% confidence
Finding
This file exposes broad capabilities—library search, board/material enumeration, document retrieval, knowledge mining, and chat-based image generation—that materially exceed a skill described as Hashnode article publishing. In a skill context, this creates an over-privileged integration surface that can be abused to access unrelated user data or trigger unintended remote actions through the same API key.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The chat-based image generation flow invokes a remote agent mode and polls chat messages, which is unrelated to publishing text articles to Hashnode. Because it sends arbitrary prompts to a remote service and expands the action surface beyond the stated skill purpose, it increases the chance of unintended data disclosure, cost abuse, or misuse of tool-enabled agent behavior.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The knowledge-mining routine aggregates semantic search results plus board materials and crafts, enabling broad discovery across a user's YouMind library. For a Hashnode publishing skill, this is unnecessary privileged access and can expose unrelated private content to the skill runtime or downstream prompts without a narrowly scoped need.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The deletion helpers perform destructive operations with a single API call and no built-in confirmation or safety interlock. In an agent setting, this makes prompt mistakes, tool misuse, or malicious instruction injection more likely to cause irreversible deletion of drafts or published posts.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The generic POST helper transmits user queries, article content, board IDs, and document IDs to the remote YouMind API, but there is no evidence in this code of contextual notice, consent, or data-minimization at the transmission point. In a content-authoring skill, this matters because drafts and research material may contain sensitive or unpublished information that users do not expect to be broadly sent to a third-party service.

Session Persistence

Medium
Category
Rogue Agent
Content
This skill is **self-contained and fully usable standalone.** The `youmind-article-dispatch` hub is an optional companion; it is NOT required for anything.

- **Primary mode — standalone:** Invoke directly ("Write a Hashnode article about X"). Works with zero other YouMind skills installed.
- **Author voice lookup:** This skill reads `~/.youmind/author-profile.yaml` (shared home directory — see `shared/YOUMIND_HOME.md`) for cross-platform voice preferences. Works whether or not dispatch is installed.
- **Optional dispatch-mode invocation:** When dispatch invokes this skill with a content brief containing `resolved_author`, the skill uses those fields as extra context. Without such a brief, the skill runs its own pipeline normally. Hashnode's depth-first DNA stays native to this skill.
- **Capability manifest (opt-in):** `dispatch-capabilities.yaml` is metadata that lets dispatch route intelligently. Deleting it reverts to defaults; it never breaks this skill.
Confidence
76% confidence
Finding
Write a Hashnode article about X"). Works with zero other YouMind skills installed. - **Author voice lookup:** This skill reads `~/.youmind

VirusTotal

65/65 vendors flagged this skill as clean.
