ClawHub

Itinerary Carousel Post

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for making an Instagram carousel, but it can publish publicly, use local Instagram credentials, and push/delete files in a GitHub repo without clear approval gates.

Install only if you intend to let the agent publish to the configured Instagram account and push to the tabiji GitHub repository. Before use, inspect the referenced helper skills/scripts, require a final preview of images and caption, confirm the Instagram account and git diff, use a dedicated repo/path, sanitize user-provided titles/captions, and publish only images you have rights to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill goes beyond creating and publishing a carousel by modifying a local Git repository, pushing files to a public remote, and later deleting them. That introduces unnecessary source-control side effects and expands the blast radius from social publishing into repository integrity and data exposure risks.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly accesses credentials from the macOS Keychain, which is a sensitive credential store not disclosed in the skill's declared interface. Hidden credential retrieval reduces user visibility and enables account actions with powerful tokens without an explicit consent step.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The invocation description is broad enough to trigger on generic requests for Instagram posts or social content, even when the user may not intend external publishing or repository changes. Overbroad triggering increases the chance that sensitive side effects occur in contexts where the user expected only drafting assistance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill publicly hosts generated images on GitHub and then submits their URLs to Instagram without any explicit user warning that media becomes externally accessible. This can unintentionally disclose unpublished assets, travel content, or internal branding materials to third parties before or outside the intended posting flow.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill uses sensitive authentication material for Instagram publishing without a clear user-facing warning at the point of use. That makes account-impacting actions possible without sufficient transparency, especially if the skill is auto-invoked from broad social-content requests.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal