Reddit Quote Carousel Topaz

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can use stored credentials to push images to a repository and publish Instagram posts without a clear review step.

Install or run this only if you want the agent to use your local Topaz and Instagram credentials, upload selected images to Topaz, push generated images to a repository, and publish to Instagram. Review the images, captions, source rights, destination account, and repository changes manually before any publish step, and use narrowly scoped tokens where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill retrieves a Topaz API key from macOS Keychain and sends local image files to an external API as part of its workflow, which expands its effective privilege and data exposure beyond the user-facing description of merely creating a carousel from a picks list. This is dangerous because operators may invoke it without realizing it accesses stored secrets and transmits content off-host to third parties.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill description focuses on generating a carousel but the instructions later direct hosting images in a repo, publishing to Instagram, and cleaning up afterward. This mismatch is risky because a user may expect local content generation while the skill actually performs public distribution actions with reputational and privacy consequences.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow uploads locally stored images to the Topaz API and later publishes generated content externally, but the skill text does not provide a clear user-facing warning about these network and publication side effects. Hidden outbound transmission and posting behavior is dangerous because it can expose local files or create public content without adequately informed consent.

Missing User Warnings

Low
Confidence: 90%
Finding
The skill accesses a stored Topaz API key from macOS Keychain without clearly warning the user in the skill description that saved credentials will be used automatically. While credential use is not inherently malicious, undisclosed secret retrieval reduces transparency and can normalize over-privileged automation.

Ssd 3

Medium
Confidence: 96%
Finding
The skill instructs publishing collected third-party images to a repository and serving them via raw GitHub URLs as part of the Instagram workflow. This broadens exposure of scraped/downloaded content beyond the immediate task and creates legal, privacy, and unauthorized redistribution risk if images are copyrighted or not licensed for reposting.

VirusTotal

64/64 vendors flagged this skill as clean.
