ClawHub

POST AI Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks users for sensitive social-media credentials and can report successful video generation or uploads that are only placeholders.

Review carefully before installing. Treat config.json, cookies, session IDs, and API keys as account-level secrets; do not commit them. Use test accounts first, do not rely on current success messages as proof that videos were generated or posted, and add explicit dry-run or approval controls before using any live bulk posting workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The TikTok and Instagram upload functions return success messages despite containing only placeholder logic, which creates a deceptive success path. In an automation skill, this can cause operators to believe content was published when it was not, leading to failed business workflows, missed deadlines, and unsafe downstream automation decisions based on false state.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The final summary reports uploaded counts based on the placeholder functions' success values, so it can falsely attest that uploads completed successfully. This is dangerous because users or other automation may rely on the summary as an authoritative record, masking operational failure and preventing timely detection.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes automated social-media uploading and scheduled posting but does not warn users about platform ToS violations, account suspension risk, or privacy implications of automated posting. In this context, the skill is specifically designed for bulk marketing automation, which increases the likelihood that users will apply it in ways that trigger enforcement or expose account/session data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The configuration example includes sensitive artifacts such as API keys, account identifiers, cookies, and session IDs without any guidance on secret storage, rotation, redaction, or exclusion from version control. Because these values can grant direct access to third-party services and social-media accounts, careless handling could lead to account takeover, abuse, or unauthorized posting.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly instructs users to automate uploads and scheduling to TikTok/Instagram using cookie files and session credentials, but it does not warn that these artifacts are highly sensitive and may expose the account to takeover, lockout, or platform enforcement actions if mishandled. In this context, normalizing browser-cookie/session-based automation for consumer platforms increases security and privacy risk because users may store or reuse long-lived session material insecurely.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup section tells users to place API keys, account IDs, cookie file paths, and a TikTok session ID into a local config file without any guidance on secure handling. This is dangerous because such documentation encourages insecure secret storage practices, accidental repository commits, leakage through logs/backups, and compromise of third-party or social media accounts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal