Multi Platform Publisher Agent

Security checks across malware telemetry and agentic risk

Overview

This skill openly aims to automate book publishing, but it asks for powerful account, CAPTCHA, desktop automation, and scheduling authority without enough user-control boundaries.

Review before installing. Use this only with explicit per-platform approval, least-privilege or temporary credentials, manual review before submissions and schedules, and a clear rule that CAPTCHA events either stop for human handling or require separate informed consent for any third-party solver.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill gives conflicting instructions for CAPTCHA handling: it says verification should pause and notify for human intervention, but then defines an automated flow that calls a third-party CAPTCHA-solving API and proceeds automatically. In a publishing automation context, this contradiction can lead downstream agents to choose the more permissive path and automate challenge solving in ways that may violate platform rules, reduce human oversight, and expose session or account data to external services.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description is very broad and could activate on many ordinary publishing-related requests, including ones involving credentialed platform actions, external uploads, scheduling, and CAPTCHA handling. Over-broad invocation increases the chance that the skill is selected without clear user intent or adequate safety gating, which is more dangerous here because the skill performs high-impact external actions across multiple third-party platforms.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill describes sending account-linked publishing data and CAPTCHA-related material to external platforms and third-party solving services without an explicit privacy notice, consent boundary, or data-handling limitation. In this context, the risk is elevated because the workflow may transmit credentials, author identity, manuscript metadata, links, and challenge artifacts to multiple external parties, creating meaningful privacy, compliance, and account-security exposure.

VirusTotal

No VirusTotal findings
