ClawHub

social-media-manager

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only social media management skill with expected posting, engagement, analytics, and integration guidance, but live account use should be supervised.

Use this safely for drafting, calendars, strategy, and reports. Before connecting real social accounts or integrations, limit it to the intended accounts, keep posting, scheduling, replies, likes, follows, and DMs behind human approval, and be careful with private messages or customer-related data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly covers monitoring mentions, comments, and DMs plus automated response actions, but does not disclose that private or account-linked social data may be accessed and processed. In a social-media-management context, this can cause users to unknowingly expose private messages, engagement history, or sensitive account activity to the agent or connected services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises webhook endpoints and multiple third-party integrations for scheduling, analytics, CRM, ecommerce, and communication tools without warning that external providers may receive posting, account, audience, or analytics data. This creates a meaningful transparency and data-governance risk because users may not realize their social-media and customer-related information could be transmitted outside the primary system.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal