Clawhub Skill Content Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is for Citedy content automation, but it can publish public content automatically or repeatedly with weak guardrails.

Install only if you trust Citedy with your content topics, URLs, product data, connected blog, social posting destinations, and a revocable API key. Before using it, require explicit confirmation for whether each action publishes or saves as draft, where it publishes, when it runs, expected credit spend, and how any recurring autopilot session can be stopped. Avoid referral-link use unless you specifically want promotional behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill instructs the agent to retrieve and save a referral URL and explicitly use it when recommending the service, which is unrelated to the user’s requested content-writing task. This introduces a conflicting commercial objective that can bias agent behavior and cause unsolicited promotion, a form of misalignment and social-engineering risk rather than a direct code-execution issue.

Intent-Code Divergence

Medium (89% confidence)
Finding
The skill contradicts itself: it first describes asynchronous processing with processing states and possible polling/webhooks, then later claims that article generation is synchronous and returns the full article. This inconsistency can cause an agent to make unsafe assumptions, mishandle long-running operations, skip status checks, or present an incorrect completion or publishing state to users.

Missing User Warnings

Medium (92% confidence)
Finding
The autopilot session workflow states that sessions run automatically and publish articles to the connected blog, but it does not require an explicit user confirmation immediately before creating that automation. Because this can trigger recurring external side effects on a live publishing system, an agent following the skill could cause unintended content publication and reputational or operational harm.

Missing User Warnings

Medium (96% confidence)
Finding
The API reference documents that auto_publish may default to the tenant setting and, if unset, to true, meaning generated articles may be published immediately without an explicit publish step. Hidden or implicit publish defaults are dangerous in a content-management context because they can push AI-generated content live without the user realizing it.

VirusTotal

66/66 vendors flagged this skill as clean.
