Mktclaw

Security checks across malware telemetry and agentic risk

Overview

This marketing workflow is not malicious, but it needs review because it can persist and reload detailed brand/campaign context and references CRM/site data without enough privacy controls.

Install only if you are comfortable with the skill retaining brand profiles, campaign summaries, and evolution feedback for future sessions. Avoid giving it raw PII, CRM exports, unreleased strategy, confidential budgets, or customer-level behavioral data unless your environment provides appropriate privacy controls. Before use, confirm how stored session_export data can be inspected, deleted, scoped to a project, and prevented from being sent in external research queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium (92% confidence)
Finding
The README defines preview mode as triggered by broad natural-language keywords like “预览” or “快速看看”, which can easily appear in ordinary user requests without an explicit intent to change execution mode. In a multi-agent marketing workflow, this can silently alter control flow, skip downstream agents, and produce incomplete or misleading outputs without the user realizing the system downgraded from the full process.

Missing User Warnings

Medium (96% confidence)
Finding
The skill explicitly describes cross-session persistence via `session_export`, automatic resume behavior, and loading prior brand/campaign state, but the top-level description does not warn users that their brand profile, campaign summaries, and evolution feedback may be stored and reloaded later. This creates a transparency and privacy risk because users may provide sensitive commercial or marketing data without realizing it can persist beyond the current session.

Missing User Warnings

Low (90% confidence)
Finding
The skill instructs the Insight Agent to perform network-based research and extract trends, competitor activity, and user insights, but the description does not clearly warn users that external network access or online data collection may occur. This is risky because user prompts or inferred business context could influence outbound queries, potentially exposing confidential strategy information to third-party services or causing users to misjudge data provenance.

Natural-Language Policy Violations

Medium (85% confidence)
Finding
The skill mandates Chinese output for every agent without offering a user language choice, which can cause misunderstandings, inaccessible outputs, or hidden misinterpretation of strategy and compliance-sensitive marketing content. In a multi-step workflow with checkpoints and JSON/Markdown summaries, forced language selection increases the chance that users approve or act on content they do not fully understand.

Missing User Warnings

Medium (89% confidence)
Finding
The skill explicitly directs collection of first-party site/app/CRM data, ad platform data, and third-party monitoring data, plus event tracking, attribution, deduplication, and user-path analysis, but it provides no privacy guardrails, consent requirements, data minimization rules, or handling restrictions. In a marketing analytics workflow, this can lead to over-collection or improper processing of personal or behavioral data and create compliance and data-exposure risk.

Vague Triggers

Medium (93% confidence)
Finding
The brand-profile triggers are broad enough to fire on ordinary phrases like '记住这些' or casual mentions of a brand/company, which can cause unintended persistence or reuse of sensitive business context. In a multi-step marketing workflow, that increases the risk of over-collecting data, misattributing one brand's context to another, or carrying forward information without sufficiently explicit user consent.

Vague Triggers

Medium (91% confidence)
Finding
The cross-session recovery trigger relies on vague phrases like '上次' or '继续上次的', which are common in normal conversation and may restore prior campaign context without strong identity or intent verification. That can expose previous session summaries, brand data, or evolution feedback to the wrong conversational context, especially if multiple projects or brands are being discussed.

Ssd 3

Medium (95% confidence)
Finding
The skill explicitly requires cross-session persistence of a complete brand snapshot, evolution feedback, campaign identifiers, and recovery context for future sessions. In a marketing environment, those artifacts can contain sensitive business strategy, targeting insights, campaign performance, and potentially customer or partner data, so natural-language instructions to retain and later restore them create a real data leakage and over-retention risk.

VirusTotal

64/64 vendors flagged this skill as clean.
