Social Media Autopilot

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for social media automation, but it needs review because it can post publicly with live account credentials and its safeguards are under-scoped.

Install only after reviewing the scripts and using test or least-privilege social accounts. Keep auto_approve disabled, avoid cron publishing until you trust the workflow, store tokens in a protected secret mechanism rather than committed files or shared shells, and require an explicit human confirmation before any live publish command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (88% confidence)
Finding
The 'Use when' description is broad enough to match many ordinary social-media requests, which increases the chance the skill is invoked in situations the user did not specifically intend. Because the skill can schedule and publish posts, overbroad activation raises the risk of unintended account actions and exposure of social-media content or analytics.

Missing User Warnings

Medium (92% confidence)
Finding
The documentation instructs users to configure and store platform access tokens and describes publishing and analytics behavior, but it does not prominently warn that the skill can act on live social accounts and access potentially sensitive engagement data. In this context, missing privacy and account-impact warnings can lead to unsafe token handling and accidental posting to public brand channels.

Missing User Warnings

Medium (94% confidence)
Finding
The document instructs users to handle highly sensitive values such as APP_SECRET and access tokens directly in shell commands and environment variables without any warning about secret storage, shell history leakage, log exposure, or least-privilege handling. In a social-media automation skill, these credentials can enable account access and publishing, so accidental disclosure could let an attacker take over posting workflows or access connected business assets.

Missing User Warnings

Medium (97% confidence)
Finding
The publishing flow shows a live media_publish API call but does not clearly warn that executing the final step will create a real Instagram post on the user's account. In an autopilot/social-posting context, omission of that warning increases the chance of unintended public posting, brand damage, or unauthorized publication if a user is following setup instructions without realizing they are triggering production actions.

Missing User Warnings

Medium (93% confidence)
Finding
The document instructs users to handle a LinkedIn Client Secret and access token, including exporting the token as an environment variable, but provides no warning to keep these values secret, avoid committing them to source control, or use secure secret storage. In an automation skill for social media publishing, these credentials grant the ability to post or access account data, so poor handling could lead to account takeover of posting capability or unauthorized API use.

VirusTotal

66/66 vendors flagged this skill as clean.
