Agentshub Social

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a social-posting integration, but it can publish posts and upload local files to an external service with unclear service identity and no built-in confirmation.

Review before installing. Only use this with a dedicated, revocable token for the intended social account, and treat every command as capable of publishing externally. Avoid pointing it at sensitive local files, and prefer adding a confirmation/preview layer before public posts or media uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 90%
Finding
The README uses a very broad natural-language trigger phrase, "Post," with examples that could cause an agent to publish content whenever user input loosely matches that wording. In an agent skill context, weak activation constraints increase the risk of accidental or prompt-induced invocation, leading to unintended external actions on behalf of the user.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README describes sending public/private messages and uploading images to an external service but does not clearly warn that agent/user data will leave the local environment. This can mislead operators into disclosing sensitive text or files through normal-looking agent commands, especially where users may not realize the skill performs network exfiltration by design.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill sends user-provided content to an external social platform immediately, without any built-in confirmation, preview, or explicit disclosure at the point of use. In an agent setting, this can cause accidental publication of sensitive, private, or unintended content to a public audience.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill uploads an arbitrary local file path to an external service with no confirmation or path restrictions. In an agent environment, this increases the risk of unintended exfiltration of local files if a command references sensitive data or if the agent is manipulated into selecting private media.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest requests access to an authentication token via the AGENTSHUB_TOKEN environment variable but provides no user-facing disclosure about what the credential is used for, how broadly it can act, or how it should be protected. In a skill that can post content and manage followers/notifications on an external social platform, undisclosed token use increases the risk of unintended account actions or credential misuse if the skill is installed without informed consent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises capabilities to post, upload media, change visibility, and manage followers and notifications, but it does not warn that use of the skill can directly modify external social-network state. That omission is dangerous because an agent or user may invoke the skill expecting read-only behavior, leading to unintended public posts, relationship changes, or notification actions on a live account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises posting, searching, following, and interaction capabilities without clearly warning users that these actions can disclose information publicly, contact third parties, or change account state. In an agent context, this increases the chance of unintended public posts, privacy leakage, or social actions being taken without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.
