ClawHub

Daily Social

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill matches its stated social media routine, but users should be aware it may inspect logged-in social accounts and optionally store engagement history.

Install only if you are comfortable letting the agent inspect social media pages in a logged-in browser. Review suggested comments, replies, connection accepts, and any posting step before execution, and enable optional database or file logging only if you are comfortable storing account-linked engagement history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes several natural-language phrases such as "daily social routine," "social media check," and "do my social today," which are broad enough to match ordinary conversation and invoke the skill unintentionally. Because this skill performs browser automation, account inspection, and activity logging across multiple platforms, accidental activation could lead to unexpected access to authenticated sessions and collection of social account data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to use browser automation to visit Reddit, Twitter/X, and other social platforms and to log engagement activity, but it does not provide a clear upfront warning that authenticated accounts may be accessed and behavioral data may be stored. In this context, the omission is risky because users may not realize the routine can inspect notifications, connection requests, or persist account metrics and actions to logs or databases.

VirusTotal

No VirusTotal findings

View on VirusTotal