ClawHub

Google Tag Manager

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Google Tag Manager helper, but it can change or publish live GTM resources using sensitive Google credentials without clearly documented safety guardrails.

Install only if you intend to let an agent administer GTM. Use a least-privilege service account, keep the JSON key out of prompts and repositories, and require manual review before delete, update, create-version, or publish operations against production containers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises destructive and high-impact operations such as delete, update, and publish to a live GTM container without requiring explicit confirmation or warning about production impact. In this context, an agent could modify tracking, break analytics, alter marketing tags, or publish unintended changes to live sites if invoked ambiguously or automatically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to provide a path to a Google service account JSON key but gives no warning that this file is a highly sensitive credential that can grant API access to GTM resources. In an agent setting, normalizing use of raw key files without handling guidance increases the risk of credential leakage, unsafe storage, accidental exposure in logs, or overprivileged access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference documents the version workflow but does not clearly warn that `create_version` deletes the workspace as part of the operation. In a GTM management skill, this omission can mislead an agent or user into performing a destructive action while expecting a non-destructive snapshot, causing loss of draft state, workflow disruption, or accidental overwriting of ongoing changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal