Canmarket Blog

Security checks across malware telemetry and agentic risk

Overview

This skill is clearly for publishing CanMarket blog posts, but it can push generated content directly to a live site from broad trigger phrases without a required approval checkpoint.

Install only if you own or administer the CanMarket site and want an agent to publish there. Before use, require the agent to show the article, changed files, git diff, commit message, target branch, deployment target, and any DEV.to destination, then approve publication manually; using a branch or pull request would reduce the risk of accidental production changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill advertises broad natural-language triggers such as 'write blog', 'new blog post', and 'publish article', which can match ordinary user requests without requiring explicit confirmation that code changes, git pushes, and deployment should occur. In this skill, unintended activation is more dangerous because the workflow includes creating files, committing, pushing to main, and triggering production deployment.

Vague Triggers

Medium
Confidence: 88%
Finding
The usage examples reinforce ambiguous activation phrases like 'Write a blog post about X' and 'New article for canmarket.ai' without exclusions or safeguards, making it plausible that routine brainstorming requests could invoke a publish-capable workflow. Because this skill can modify a repo and publish externally, ambiguous examples materially increase the risk of unintended content generation and deployment.

VirusTotal

66/66 vendors flagged this skill as clean.
