Substack Ghostwriting

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Substack writing assistant, with practical privacy cautions around voice samples, recordings, and internal communications.

Reasonable to install as a writing aid. Before using it, scope the agent to specific drafts, URLs, and source files; do not provide recordings, transcripts, Slack/internal messages, or client materials unless you have permission and have removed sensitive details. Get consent before recording or transcribing conversations, review any file edits, and decide where any saved voice guide should live and when it should be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger description explicitly says to activate for general article/newsletter writing even when Substack is not named, while only excluding generic blog post writing in one narrow case. This broad scope can cause the skill to be invoked for unrelated writing tasks, increasing the chance of misrouting, unexpected tool use, and inappropriate ghostwriting or growth-optimization behaviors in contexts where the user did not request them.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guidance explicitly encourages collecting transcripts, recordings, Slack messages, and internal communications to model a client's voice, but it omits any safeguards around consent, confidentiality, retention, or minimization. In a ghostwriting skill, this creates a realistic risk of mishandling sensitive personal or business data because users may infer that broad collection and reuse of private communications is acceptable.

Missing User Warnings

Medium
Confidence: 95%
Finding
Telling users to 'Record everything' normalizes indiscriminate recording of calls without mentioning participant notice or legal consent requirements, which vary by jurisdiction and context. This is dangerous because the skill is operational guidance, so users may follow it directly and expose themselves or their clients to privacy violations, policy breaches, or unlawful surveillance claims.

Missing User Warnings

Medium
Confidence: 90%
Finding
Recommending Slack, WhatsApp, and voice notes for reactive content collection without mentioning confidentiality, organizational approval, or data handling can lead users to solicit or process sensitive business information through unapproved channels. In the context of a ghostwriting/Substack workflow, this is more dangerous because it encourages fast, informal collection of potentially proprietary statements that may later be incorporated into public-facing content.

VirusTotal

63/63 vendors flagged this skill as clean.
