Ai Content Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent guide for using the inference.sh CLI to build AI media pipelines, with expected privacy and installer trust considerations but no artifact-backed malicious behavior.

Install only if you trust inference.sh and the providers used through it. Prefer the manual checksum-verification install path if you are cautious, avoid sending confidential or regulated content unless provider policies allow it, and require explicit confirmation before any workflow posts or distributes generated content publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 80%
Finding
The manifest includes many broad trigger phrases such as 'generate and edit', 'content creation', and 'automated content creation' that can match ordinary user requests outside the narrow intended scope. This can cause the skill to activate unexpectedly and steer users into workflows that invoke external tools and services, increasing the chance of accidental data disclosure or unsafe command suggestions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill presents multi-step workflows that send prompts, scripts, images, audio, and other user-provided content to remote AI services, but it does not clearly warn users about that data flow. In this context, users may paste proprietary, personal, or sensitive media into the pipeline without realizing it will be transmitted to third-party providers.

VirusTotal

66/66 vendors flagged this skill as clean.
