ClawHub

Affiliate Link Injector

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is purpose-aligned but needs Review because it asks for publishing/platform credentials and can change public content without enough scoping guidance.

Install only if you are comfortable granting content and publishing access. Use scoped, revocable tokens stored outside chat, test on drafts or copies, keep backups, disable AUTO_INJECT unless you explicitly want live edits, and review every proposed disclosure and affiliate link before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill documentation makes conflicting safety claims: it says links will not be injected without compliance review, yet elsewhere it describes direct auto-injection into content and WordPress posts. This mismatch can mislead users into trusting an approval gate that may not actually exist, increasing the risk of unauthorized content modification or publishing actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples prompt users to provide sensitive credentials such as API keys directly in the interaction without any warning about secure handling. In an agent or chat-driven workflow, this encourages unsafe secret disclosure, which can lead to credential leakage, account compromise, or unauthorized access to publishing systems.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup instructions tell users to grant access to WordPress, Google Docs, and Slack without explaining the data exposure implications or principle-of-least-privilege requirements. This can normalize overbroad authorization and lead users to expose private documents, channels, or publishing capabilities beyond what is necessary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal