Blogger Auto Publish Clean

Security checks across malware telemetry and agentic risk

Overview

This is mostly a real Blogger publishing skill, but it asks for broad live-account authority and includes under-scoped examples for deletion, automation, and an unauthenticated publishing webhook.

Install only if you are comfortable giving this skill OAuth access to a Blogger account. Use a test blog first, keep credentials.json and token.json private with restricted permissions, prefer draft mode for tests, avoid the deletion examples unless you have backups, and do not deploy the webhook example without authentication, input limits, and network restrictions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents clear access to environment variables and outbound network use, but does not declare corresponding permissions. This creates a transparency and consent problem: an agent or user may invoke a networked, credential-dependent skill without understanding its true capabilities, increasing the chance of unintended data exposure or external actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated purpose is narrow publishing, but the documented behavior expands into OAuth authorization, token management, blog enumeration, deletion utilities, and setup automation. This mismatch is dangerous because users may authorize or invoke the skill expecting simple publishing while it also supports broader account access and destructive content-management operations.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The examples broaden the advertised capability from simple auto-publishing into general blog administration, including discovery and management actions. This increases the effective privilege surface of the skill and can mislead users or downstream agents into granting broader access than the manifest suggests.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documentation includes destructive deletion workflows for posts and drafts even though the skill is described as an auto-publishing tool. Hidden or under-declared destructive capabilities are dangerous because they can cause irreversible content loss if a user or agent assumes the skill is publish-only.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The webhook example exposes a network service that accepts publishing input and writes temp files, but it shows no authentication, authorization, or request validation. In the context of a publishing skill, this creates an unnecessary remote attack surface that could allow unauthorized content publication or service abuse.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The examples instruct users to install a wrapper system-wide via sudo and create a symlink in /usr/local/bin, which exceeds the minimum privileges needed for article publishing. While not directly malicious, it normalizes privileged system modification and increases risk if the script or working directory contents are changed later.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README instructs users to place OAuth credentials in the skill directory and perform real Blogger authorization and publishing, but it does not warn that these files are sensitive or that commands act on a live account. In an agent-skill context, this increases the chance of accidental credential exposure, unsafe storage, and unintended publication to a real blog.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup guide instructs users to run test and publish commands against a real Blogger blog without clearly warning that these actions can modify live site state, create public posts, or affect production content. In an agent skill that automates publishing, omission of this warning increases the risk of accidental unauthorized or unintended changes to user-controlled content.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are broad, such as any Blogger integration or Markdown-to-Blogger conversion request, which increases the chance of unintended automatic invocation. In a skill that can publish, list, and delete blog content using stored tokens, accidental activation can lead to unwanted external actions against a live account.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The webhook publishing example omits any warning that it enables network-triggered publication and temporary file writes from request data. Omitting these security caveats is dangerous because users may deploy it as shown, exposing a remote unauthenticated publishing endpoint.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list contains broad English terms such as "blogger," "publish," and "auto publish" that can match many ordinary user requests unrelated to this specific skill. In an agent ecosystem, overly broad activation increases the chance the skill is invoked in contexts where it has write access to a Blogger account, which can lead to unintended posting actions or credential exposure workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
