ClawHub

Linkedin Content

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a LinkedIn writing guide, but it also grants broad CLI authority and includes a live X/Twitter posting example without clear consent boundaries.

Install only if you trust inference.sh, are comfortable with the `infsh` CLI having logged-in access, and will keep publish-capable accounts under explicit user control. Prefer manual download and checksum verification over the pipe-to-shell installer, and require drafts to be reviewed before any command posts to LinkedIn, X, or another public service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The skill is presented as a LinkedIn post-writing aid, but its examples include publishing to X/Twitter. This scope expansion matters because users invoking a writing skill may not expect it to contain or encourage external publishing actions on another platform, increasing the chance of unintended side effects.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Documenting `x/post-create` inside a LinkedIn-focused skill introduces an unnecessary capability to publish externally, which is not justified by the stated purpose. In an agent setting, mismatched capabilities can lead to accidental posting to the wrong service or broaden the skill's effective permissions beyond user expectations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes broad phrases such as professional content, thought leadership, and B2B content, which can cause the skill to activate for general writing tasks outside narrow LinkedIn intent. Overbroad activation increases the risk that users are funneled into this skill's tool recommendations, including external CLI installation and platform-specific actions, when they did not ask for them.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The markdown shows a concrete command that posts to X without an explicit warning that it will publish content externally. In agent or copy-paste workflows, lack of a publish warning can cause unintended public posting, reputational harm, or disclosure of draft/internal content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal