Article Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can post real content to logged-in public accounts and stores login cookies locally with limited safety controls.

Install only if you are comfortable letting an agent operate real logged-in publishing accounts. Use testMode first, name exact target platforms, avoid publish_to_all unless intended, review generated content before live posting, and clear data/cookies or use dedicated accounts. Prefer updating and pinning Playwright and using trusted browser download sources before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "帮我发布文章" ("help me publish an article") is broad enough to match generic publishing requests without clearly signaling that this skill will drive browser automation against third-party sites. That can cause unintended invocation, leading to accidental transmission of article content and use of persisted authenticated sessions on external platforms.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description highlights convenience features like QR login and cookie persistence but does not clearly warn that browser automation will submit user content and authenticated session data to third-party platforms. In this context, that omission weakens informed consent and can cause users to expose sensitive drafts, metadata, or active account sessions without understanding the privacy implications.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The adapter can perform a live publication by directly invoking clickPublish() whenever testMode is false, with no explicit user confirmation step immediately before the irreversible action. In an automation tool that persists login state and targets real creator accounts, this increases the risk of accidental or unintended posting caused by operator error, bad upstream inputs, or misuse by another component.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code persists browser session cookies to disk in plaintext JSON without any user-facing notice, consent flow, or visible protection in this component. Because these cookies likely authenticate publishing accounts across multiple platforms, local compromise, accidental backup/sync exposure, or other processes reading the file could lead to account takeover or unauthorized posting.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"install:browser:cn": "cross-env PLAYWRIGHT_DOWNLOAD_HOST=https://npmmirror.com/mirrors/playwright npx playwright install chromium"
  },
  "dependencies": {
    "playwright": "^1.40.0"
  },
  "devDependencies": {
    "cross-env": "^7.0.3"
Confidence
87% confidence
Finding
"playwright": "^1.40.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"playwright": "^1.40.0"
  },
  "devDependencies": {
    "cross-env": "^7.0.3"
  },
  "engines": {
    "node": ">=18.0.0"
Confidence
82% confidence
Finding
"cross-env": "^7.0.3"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory(ies): CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

High
Category
Supply Chain
Confidence
96% confidence
Finding
playwright==1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.
