ClawHub

Content Generator - Articles, Social Posts, Videos & Images from Any Topic or URL

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate GenerateBot integration, but it should be reviewed because it can publish or delete account content without clear confirmation guardrails.

Install only if you trust GenerateBot and intend to let an agent use your connected GenerateBot, CMS, and social accounts. Before any post, publish, delete, bulk-clear, update, or paid generation, require the agent to show the exact target account, content, destination, and credit cost, then get explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description uses very broad routing language such as general content creation, publishing, and workflow automation triggers, which can cause the agent to invoke this skill for many ordinary user requests. Because the skill supports external publishing, content modification, and paid operations, over-broad activation materially increases the chance of unintended side effects or unauthorized outbound actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive and externally side-effecting operations like clearing saved RSS feeds, deleting content, and publishing, but does not consistently require an explicit confirmation step at the point those actions are described. In an agentic setting, that omission can lead to accidental destructive changes or external posting based on ambiguous user intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description uses very broad trigger language such as general requests to find content ideas, write blog posts, fetch news, and manage content, which can cause the agent to invoke this skill for many ordinary user requests beyond explicit GenerateBot intent. That increases the chance of unnecessary external API calls, unintended data transmission, and accidental use of write-capable operations in contexts where the user did not clearly request this service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation exposes a destructive endpoint that clears all saved RSS feeds without any warning, confirmation requirement, or guidance to verify user intent. In an agent setting, omission of those safeguards can lead to irreversible account-wide data loss from ambiguous prompts or prompt injection steering the model toward destructive actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The content deletion endpoint is documented without any warning about permanence, recovery limits, or the need to confirm the target item. In an agent workflow, this makes accidental or induced deletion of stored content more likely, especially because content management is a central function of the skill.

Vague Triggers

Medium
Confidence
76% confidence
Finding
An overly broad description can cause the orchestrator or agent to select this skill for generic content tasks that do not require publishing, increasing the chance of unintended external actions or data transfer. In a skill that can publish to social/CMS accounts and invoke enrichment services, overbroad routing materially raises misuse risk.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill documents direct posting to external social media and CMS accounts without a prominent warning that these actions can create public or customer-facing changes. In context, this is dangerous because an agent could interpret a drafting request as authorization to publish, leading to unauthorized posts, reputational damage, or accidental disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The enrichment, brand-voice, Reddit, and business-profile endpoints involve sending article text, business metadata, and potentially website-derived data to an external service, but the documentation lacks a privacy warning. This creates a real risk of unintentional disclosure of sensitive business content or third-party data during routine use.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description contains broad triggers like wanting to 'make a video' or 'generate video content,' which can cause the skill to activate for generic user requests that may not specifically intend GenerateBot usage. In an agent environment, this increases the chance of unintended tool selection and can route user content to an external API without clear user awareness or consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to post completed videos to social media using linked accounts but does not include any warning, confirmation requirement, or safeguard around this external side effect. This is dangerous because publication is an irreversible or high-impact action that can affect public brand presence, leak sensitive content, or post to the wrong account if triggered automatically.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description uses broad activation language such as 'automate content creation' and 'build a search-to-publish workflow,' which can cause the agent to invoke this skill for loosely related requests. Because this skill can trigger multi-step actions involving external APIs, credits, and publishing flows, unintended activation could lead to unnecessary external side effects or costly operations.

Vague Triggers

Low
Confidence
90% confidence
Finding
The instruction to follow the complete workflow when the user says 'do everything' or 'full workflow' is underspecified and lacks constraints on what actions are authorized. In this skill, that phrase can expand into search, content generation, video creation, CMS publishing, and social posting, creating a meaningful risk of overbroad execution and unintended external actions.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|--------|----------|---------|------|
| Search content | POST /agents/news-aggregator | 10 | sync |
| Fetch RSS feeds | POST /rss | 0 | sync |
| Manage RSS feeds | GET/PUT/DELETE /rss | 0 | sync |
| Generate from URL | POST /pipelines (content-analyzer) | 100 | async |
| Generate from topic | POST /pipelines (topic-to-content) | 100 | async |
| Generate scripts | POST /pipelines (script-generator) | 15 | async |
Confidence
82% confidence
Finding
DELETE /rss

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| List runs | GET /pipelines | 0 | sync |
| Save content | POST /content | 0 | sync |
| List content | GET /content | 0 | sync |
| Get/Update/Delete | GET/PATCH/DELETE /content/{id} | 0 | sync |
| Check credits | GET /credits | 0 | sync |
| Credit transactions | GET /credits/transactions | 0 | sync |
Confidence
84% confidence
Finding
DELETE /content/{id}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- Input: `{ "feedUrls": ["https://example.com/feed.xml"] }` (max 50)
- Requires an existing business profile

**DELETE /api/v1/rss** - Clear all saved feed URLs (requires `rss:write` scope)

---
Confidence
95% confidence
Finding
DELETE /api/v1/rss**

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**PATCH /api/v1/content/{id}** - Update (title, contentData, tags, notes, status)

**DELETE /api/v1/content/{id}** - Delete

---
Confidence
95% confidence
Finding
DELETE /api/v1/content/{id}**

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal