ClawHub

Content Repurposer

Security checks across malware telemetry and agentic risk

Overview

This skill locally rewrites user-provided content into social and marketing formats, with disclosed local history storage and no evidence of networking, posting, credential access, or hidden behavior.

Reasonable to install for ordinary content repurposing. Avoid pasting confidential, regulated, or proprietary material unless you are comfortable with it being saved locally under ~/.openclaw/content-repurposer/, and review or delete that folder if you do not want retained history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation phrase "repurpose" is broad enough to match many ordinary requests that are not clearly asking to invoke this specific skill. This can cause unintended skill activation and lead to local storage of user-provided content or generation behavior when the user did not mean to use this tool.

Vague Triggers

High
Confidence
95% confidence
Finding
The phrase "turn this into" is highly ambiguous and overlaps with normal conversational language across many unrelated tasks. Because the skill supports automatic processing and persistence, accidental invocation could transform and save content the user did not intend to submit to this skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that it auto-saves repurposed content to history, but there is no just-in-time warning or consent flow when describing runtime behavior. Users may paste confidential drafts, emails, or proprietary text without realizing it will be retained locally for later retrieval.

Ssd 3

Medium
Confidence
93% confidence
Finding
Persisting all repurposed content in history creates a local data-retention surface for sensitive user inputs and transformed outputs. Later retrieval features like history and saved items can expose confidential material to other local users, future sessions, or unintended prompts.

Ssd 3

Medium
Confidence
94% confidence
Finding
The behavior rule to auto-save all outputs institutionalizes broad retention without checking whether the source content contains sensitive, personal, or proprietary information. Even with local-only storage, unnecessary persistence increases the chance of data exposure through later reads or shared environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal