ClawHub

SEO Automated Content Pipeline

Security checks across malware telemetry and agentic risk

Overview

This SEO skill is instruction-only and purpose-aligned, but it needs Review because it directs agents to auto-publish generated content to a CMS without clear confirmation or scope controls.

Install only if you intend the agent to help manage website content. Use draft-only publishing by default, review each generated page before it goes live, provide only scoped CMS credentials, set limits on article count and frequency, and keep a clear rollback or deletion process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The instruction to execute the full pipeline whenever a user provides a product name and target customer is overly broad for a skill that includes external research, content generation, and publishing actions. This can cause the skill to activate in situations where the user did not explicitly intend end-to-end automation, increasing the risk of unintended network activity, content generation, or downstream publication.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes auto-publishing to a website CMS without a prominent warning, approval checkpoint, or explicit confirmation before making live site changes. In this context, the danger is elevated because the pipeline is designed to move directly from research to content generation to publication, which could lead to unauthorized or mistaken posting, SEO damage, reputational harm, or defacement-like outcomes on production systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal