Social Media Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for social media management, but it can affect a live public account and schedule future posts without clearly scoped approval controls.

Install only if you want an agent to manage a live social account. Use a test or dedicated account first, require explicit approval before posting, replying, liking, following, or scheduling, review cron jobs regularly, and remove scheduled tasks when the campaign ends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description is broad enough to activate on general social media questions such as strategy, engagement, or content ideas, even when the user may not intend autonomous posting or account actions. In this skill, that risk is heightened because the documented capabilities include browser-driven posting, engagement, and scheduled automation against a live public X account, so an overbroad match can lead to unintended real-world actions.

Missing User Warnings

High
Confidence: 97%
Finding
The skill advertises autonomous social media management and scheduled posting but does not present a clear upfront warning that it can perform public, irreversible actions on the user's account. Because it uses browser automation and cron for autonomous posting, users may invoke it without understanding that it can publish content, engage with others, and affect reputation, compliance, or account standing.

VirusTotal

64/64 vendors flagged this skill as clean.
