Creator Screening

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but one screening framework uses rural/class-coded rejection rules that can unfairly affect creator approval decisions.

Install only if you are comfortable sending creator URLs, usernames, and related public social-media metadata to Memories.ai and possibly Apify using your own API keys. Before using it for real creator selection, revise the CAC Crusher rubric to remove rural/class-coded and subjective appearance-based rejection rules, and require human review for borderline cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Tainted flow: 'req' from os.environ.get (line 99, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
data = json.dumps(body).encode()
req = urllib.request.Request(url, data=data, method='POST')
req.add_header('Content-Type', 'application/json')
resp = urllib.request.urlopen(req, timeout=300)
raw = json.loads(resp.read())

results = {}
Confidence
87% confidence
Finding
resp = urllib.request.urlopen(req, timeout=300)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents access to environment variables, external network calls, and report/file generation behavior, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding it can transmit data to third-party services and write outputs, undermining least-privilege and informed consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior materially diverges from the stated scope: it references an undisclosed Apify fallback, supports transcript-only analysis, and overstates platform/framework support. These mismatches are dangerous because users may rely on incomplete or inaccurate disclosures when deciding whether to provide data, and policy controls may fail if they are based on the declared behavior rather than actual external integrations.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The invocation description is broad enough to trigger on many generic creator-evaluation requests, which can cause the agent to activate a networked, third-party-analysis workflow without sufficient specificity. In context, this increases the chance of unintentional data sharing or use of an automated screening pipeline when the user may have expected a local or lightweight evaluation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill lacks a user-facing warning that creator URLs, profile metadata, and video-derived data are sent to external services for scraping and AI analysis. Because this workflow processes third-party social media content and associated metadata, missing disclosure meaningfully increases privacy, compliance, and consent risk, especially in enterprise or regulated settings.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
This framework uses class- and locale-coded rejection criteria such as excluding 'rural/farm-like' or 'visibly unpolished' environments and appearance-based signals that are not tied to a documented business necessity. In a creator-screening skill, these rules can systematically exclude creators based on socioeconomic, regional, or cultural presentation rather than content quality, making the bias operational and scalable.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The explicit rejection of 'rural or visibly low-production aesthetics' is an unjustified locale-based exclusion rule. Because this skill is meant to vet creators at scale, the criterion can directly filter out qualified creators from certain geographies or socioeconomic backgrounds even when their content meets legitimate performance or safety goals.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The final decision rule instructs reviewers to reject a creator if any major red flag appears, thereby enforcing earlier biased criteria as mandatory gates in approval decisions. This increases harm because subjective and locale-coded standards become determinative, not merely advisory, within a screening tool specifically designed to make selection decisions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
User-supplied Instagram video URLs are transmitted to a third-party service without any explicit runtime disclosure or consent mechanism in the script. In a creator-screening skill, this is functionally expected, but it still creates a privacy and data-governance risk because operators may not realize external services are receiving the inputs they provide.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The fallback path sends creator usernames to Apify, a third-party scraping service, without explicit notice at runtime. Because this is a fallback path, users may be even less aware that their provided identifiers are being transmitted to a different external processor than the primary service.

VirusTotal

64/64 vendors flagged this skill as clean.
