LinkedIn Post Writer

Security checks across malware telemetry and agentic risk

Overview

This is a LinkedIn writing and scheduling helper whose publishing behavior is disclosed and gated on approval, though users should understand that approved scheduled posts may be sent to Publora or a custom backend.

Install this if you want a LinkedIn post drafting workflow with optional scheduling. Before approving a scheduled post, review the full draft and confirm which backend is active, because Publora or a custom poster may receive the post content and publish it publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The skill advertises very broad activation criteria such as general requests to write a LinkedIn post or help with a hook, which can cause the agent to trigger in ordinary writing contexts without clear user intent to use this specific workflow. That increases the chance of unintended tool use later in the flow, including audit or scheduling actions, especially because the skill includes downstream publication behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to send post content to Publora or a custom poster backend, but it does not require a clear user-facing disclosure that the draft content will be transmitted to an external service. In a writing workflow, drafts may contain sensitive business plans, personal details, or embargoed announcements, so silent transmission creates a meaningful confidentiality and consent risk.

VirusTotal

66/66 vendors flagged this skill as clean.
