Blog Publisher

Security checks across malware telemetry and agentic risk

Overview

This blog-publishing skill is mostly coherent, but it grants an agent broad publishing authority and includes under-disclosed external image-generation behavior that users should review carefully before installing.

Install only if you intend to let an agent work in the specified dev-blog repo, read the named Obsidian drafts, use browser/image-generation services, and publish to the linked site. Before any push, require `git status` and `git diff`, stage only intended files, avoid or separately approve force-pushes, explicitly choose any image provider, and do not send sensitive drafts or images through ChatGPT, Google, OpenRouter, or Telegram unless you accept those data flows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill performs network- and environment-dependent actions such as cloning/pushing to GitHub, deploying via Vercel-linked flows, and relying on local environment variables, but it does not declare those capabilities explicitly. Hidden capabilities reduce transparency and informed consent, making it easier for an agent to perform external side effects the user may not expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior expands beyond blog publishing into automated external image generation, browser/extension interaction, and saving downloaded/generated image bytes locally. That mismatch matters because users may invoke a content-publishing skill without realizing it can drive other tools and services, increasing the chance of unintended outbound requests, API use, or local file writes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow includes force-pushing a branch and merging/pushing to production, but does not prominently warn that these actions can overwrite remote history or publish unintended content. In an agent context, operational instructions that mutate remote state without strong confirmation gates can cause irreversible repository and deployment damage.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
git checkout -B preview
git add -A
git commit -m "Add blog post: {title}"
git push origin preview --force
```

Verification link:
Confidence
95% confidence
Finding
git push origin preview --force

VirusTotal

66/66 vendors flagged this skill as clean.