ClawHub

Ecommerce Content Marketing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent content-marketing planning skill that uses public web research and does not show hidden execution, credential access, or account-changing behavior.

Reasonable to install for content marketing work. Provide only public brand, product, website, and social profile information needed for the strategy, avoid credentials or private analytics, and verify the npx install source before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger condition is overly broad: phrases like 'asks about content marketing' or 'gives a vague content-related request' can cause the skill to activate in ordinary conversations that did not clearly request this specific workflow. That increases the chance the agent will steer users into collecting competitor URLs, brand handles, and external research actions without sufficiently explicit user intent, creating scope creep and unexpected data handling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill asks for brand social handles, website URLs, and competitor accounts, then instructs the agent to perform web_search and web_fetch, but it does not clearly warn the user that supplied data will be used for external lookups and comparative analysis. This can lead to unexpected disclosure of sensitive business identifiers or third-party data processing beyond what the user realized they were authorizing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal