ClawHub

Content Repurposing

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent content-repurposing helper, but it includes broad connected-service commands that can publish to a real X/Twitter account without an explicit confirmation safeguard.

Install only if you trust inference.sh and want this skill to use its CLI. Review every `infsh` command before running it, especially commands that upload private material or call posting apps such as `x/post-create`; treat generated social posts as drafts unless you explicitly approve publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill’s stated purpose is content repurposing, but it also includes an example that directly publishes to X/Twitter. That expands the capability from content transformation into external account action, which is security-relevant because generated or unreviewed content could be posted to a real account without sufficient user awareness or approval safeguards.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Including direct social-media publishing is broader than the declared repurposing use case and violates least privilege for a formatting/adaptation skill. In practice, this can cause accidental or unauthorized posting if an agent invokes the example flow as part of a content transformation request.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger list is broad and ambiguous, increasing the chance the skill is auto-selected for loosely related user requests. In an agent environment, over-broad matching can route benign content tasks into a skill that also contains account-affecting and external-tool instructions, raising the risk of unintended actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill demonstrates posting to X/Twitter but does not warn the user that this action affects an external account and may create irreversible public output. Lack of a warning or confirmation step makes accidental publication more likely, especially when paired with autogenerated content.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal