ClawHub

Fiverr Gig Automation

Security checks across malware telemetry and agentic risk

Overview

The skill is clear about automating Fiverr, but it asks for account credentials and describes automated public/account actions without enough user-control safeguards.

Review carefully before installing. Only use this with an account you are comfortable automating, avoid storing your main password if possible, and require manual approval before any gig creation, buyer message, offer, or review request. Also consider Fiverr policy and account-risk implications of Selenium automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs users to store Fiverr login credentials for use by browser automation, which enables full account access and high-impact actions such as creating gigs, messaging buyers, and requesting reviews. In this context, credential handling is sensitive and the file provides no controls, minimization, or safeguards around storage, scope, or misuse, making the finding valid.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill combines credential collection with Selenium-driven automation of sensitive Fiverr actions, yet gives no warning that it may send messages, create gigs, or otherwise act on the user's behalf using their account. That omission materially increases the risk of unintended account actions, platform policy violations, or credential misuse, especially because browser automation can exercise the full privileges of the authenticated user.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal