Content Creator Pro

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate content-planning assistant, but it keeps business profile/history data and includes setup steps that can overwrite or erase existing files without enough user control.

Install only if you are comfortable with the skill retaining brand, audience, voice, content-history, and engagement information locally. Back up any existing config and data files before running setup, avoid rerunning initialization on an active workspace, and look for clear commands to review, export, disable, or delete the stored profile data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 91% confidence
Finding:
The README states that the agent 'tracks what you changed' and adjusts a voice profile over time, which implies persistent collection and retention of user editing behavior. Because the documentation does not clearly explain what is stored, where it is stored, how long it is retained, or how users can disable or delete it, users may unknowingly expose sensitive business, branding, or personal writing data to ongoing local profiling.

Missing User Warnings

Medium, 95% confidence
Finding:
The setup instructions copy files into fixed destinations using plain `cp`, which will overwrite any existing `config/content-config.json` or `scripts/export-calendar.sh` without prompting or backup. In a setup context this can destroy prior user customizations or replace trusted local files unexpectedly, creating integrity and availability risk even if the author likely intended a simple bootstrap flow.

Missing User Warnings

Medium, 98% confidence
Finding:
The initialization step uses shell redirection like `echo '[]' > data/...` and `echo '{}' > data/...`, which will truncate and replace any existing JSON files with empty defaults. If a user re-runs setup in an existing workspace, this can silently erase business data such as content history, engagement logs, and brand profile information.

Vague Triggers

High, 96% confidence
Finding:
The usage trigger is extremely broad and can activate on ordinary conversation loosely related to social media, increasing the chance of unintentional invocation. In a skill with file read/write, image, web access, and exec capabilities, over-broad routing expands the attack surface and may cause the agent to manipulate persistent business data or invoke tools without the user clearly intending to use this skill.

Missing User Warnings

Medium, 91% confidence
Finding:
The skill stores sensitive business information including brand identity, target audience details, voice preferences, engagement data, and competitor notes in persistent local files, but does not require an explicit user-facing warning or consent about that persistence. Users may disclose proprietary marketing strategy or customer-profile information without realizing it will be retained and reused across sessions.

Missing User Warnings

Low, 87% confidence
Finding:
The example depicts the agent automatically reading several stored profile/history files to personalize output, but it does so without any visible user notice, consent step, or explanation of what data will be accessed. In a real skill, this can normalize silent access to user behavioral and content history data, creating privacy and transparency risks and potentially exposing more personal or business-sensitive data than the user expected.

VirusTotal

65/65 vendors flagged this skill as clean.
