Reddit Quote Carousel

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it also publishes to Instagram and modifies a hosted repo without a clear approval step or scoped account permissions.

Install only if you intend the agent to publish to the correct Instagram account and use the referenced tabiji repository. Require a preview of all slides and caption before posting, confirm the exact account and repo permissions, and verify the referenced helper skills/scripts before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill metadata says it creates an Instagram carousel, but the workflow later performs a materially different action: publishing to Instagram. This hidden scope expansion is dangerous because an agent or user may authorize content generation without realizing the skill also posts to an external account, creating unintended account-affecting side effects.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The workflow instructs the agent to host generated images in a repository as part of publishing, but this data exfiltration/storage step is not clearly justified or bounded by the stated purpose. Unnecessary third-party or repository hosting increases exposure of generated assets, may leave residual public artifacts, and broadens the attack surface beyond simple carousel creation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill performs network transmission and account-affecting actions—hosting images, creating Instagram containers, and publishing—without any user-facing warning or explicit approval gate. In this context, the danger is elevated because the skill is triggered by a simple phrase and appears primarily generative, so users may not expect it to perform live external operations on connected accounts.

VirusTotal

66/66 vendors flagged this skill as clean.
