Viraloop

Security checks across malware telemetry and agentic risk

Overview

Viraloop matches its stated automation purpose, but it is built to publish public TikTok and Instagram posts without review and to continue optimizing future automated runs.

Install only if you intentionally want an autonomous tool that can publish live content to connected TikTok and Instagram accounts. Before using it on real accounts, add a human approval step before publishing, disable or tightly control cron/self-scheduling behavior, scope the Upload-Post token, avoid analyzing sensitive or non-public websites, and store generated content and analytics in a private directory with clear deletion rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
This instructs the agent to modify its own future execution schedule based on analytics, creating persistent self-rescheduling behavior beyond the immediate user-requested task. Self-modifying automation is dangerous because it can continue triggering networked actions and live publishing without renewed user consent, increasing blast radius if the skill misbehaves or is abused.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly advertises that posts go directly live to TikTok and Instagram with 'no drafts, no manual steps,' but it does not present a clear warning that publishing is irreversible and may immediately affect public brand presence. In an automation skill designed for growth posting, this increases the chance of accidental publication of incorrect, noncompliant, or reputationally damaging content by users who may assume there is a review gate.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill explicitly directs fully autonomous posting to live TikTok and Instagram feeds without confirmation, and says the agent should only notify the user after publication. Direct-to-live publishing is a high-risk side effect because mistakes, prompt injection from analyzed content, brand damage, policy violations, or account misuse become irreversible once posted.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill analyzes arbitrary website URLs and sends data and publishing metadata to third-party services, but the top-level description does not clearly warn about external data handling or privacy implications. This omission is risky because users may unknowingly expose proprietary site content, branding data, or account-linked metadata to external APIs.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script stores screenshots and extracted website content under /tmp without any retention controls, minimization, or user-facing disclosure. In an agent environment, this can capture sensitive page data, proprietary content, or personal information from analyzed sites and leave it accessible to other local processes or later runs if the filesystem is shared or insufficiently isolated.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script persists profile analytics and impressions data to a predictable world-accessible temporary path under /tmp. On multi-user systems, containers with shared temp storage, or CI runners, this can expose account identifiers and engagement data to other local users or processes, and the file may outlive the script longer than intended.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The script transmits content to a third-party API for public posting on TikTok and Instagram with `privacy_level=PUBLIC_TO_EVERYONE` and no interactive confirmation, dry-run mode, or approval gate. In an agent or automated pipeline context, this increases the risk of unintended publication of sensitive, copyrighted, brand-damaging, or policy-violating content, especially because the skill is designed for autonomous generation and publishing.

VirusTotal

62/62 vendors flagged this skill as clean.
