CNBlogs Publisher

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it includes unsafe credential handling and disables HTTPS certificate verification while performing live blog publishing and deletion actions.

Review carefully before installing. Use only a revocable CNBlogs token, rotate any token copied from this package, avoid running tests/test_all.sh, do not print or commit your token, and prefer fixing the scripts to use verified TLS before using the skill on a real blog account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The script creates an unverified TLS context with ssl._create_unverified_context() and uses it for the XML-RPC HTTPS connection, which disables server certificate validation. That allows a man-in-the-middle attacker to impersonate the CNBlogs API endpoint, capture the CNBLOGS_TOKEN, and tamper with getPost/deletePost responses, which is especially dangerous in a post-deletion tool because it performs destructive authenticated actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The custom transport explicitly creates an unverified SSL context, disabling TLS certificate validation for the XML-RPC connection. This allows a man-in-the-middle attacker to intercept or modify the connection, exposing the CNBlogs token, username, and blog content, and potentially altering the post update request in transit.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation instructs users to export a long-lived `CNBLOGS_TOKEN` but provides no warning about secret handling, shell history exposure, logging, or accidental publication. In agent or shared-shell environments, this increases the chance that credentials are copied into transcripts, persisted in history, or reused insecurely, leading to unauthorized blog access.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script creates an unverified SSL context with ssl._create_unverified_context() and uses it for all HTTPS XML-RPC connections, which disables certificate validation entirely. This enables man-in-the-middle attacks against the blog API connection, allowing interception of the CNBLOGS_TOKEN and tampering with blog content or responses; the skill context makes this especially dangerous because it transmits authentication credentials to a remote publishing endpoint.
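The three TLS findings above describe one pattern: ssl._create_unverified_context() handed to the XML-RPC transport. The block below is an added example, not the skill's code. It builds that flagged context beside a verified one and wraps client construction in a check that refuses to send the token over a context that skips validation. The endpoint URL is a placeholder; the skill's real MetaWeblog URL is not on this page, and context_is_safe, make_client and the other names are the example's own.

```python
"""Added example: unverified vs verified TLS for an xmlrpc.client transport.

Reproduces the pattern SkillSpector flagged next to the hardened form.
Not the CNBlogs Publisher skill's own code.
"""
import ssl
import xmlrpc.client

# Placeholder endpoint assumed for illustration; the skill's real URL is not on this page.
ENDPOINT = "https://example.invalid/metaweblog"


def unverified_context() -> ssl.SSLContext:
    """The flagged pattern: no certificate check, no hostname check."""
    return ssl._create_unverified_context()


def hardened_context() -> ssl.SSLContext:
    """System trust store, hostname verification and a certificate required."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    # create_default_context() already sets these; restated so the intent is explicit.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Pre-flight check to run before any credential leaves the process."""
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)


def make_client(ctx: ssl.SSLContext) -> xmlrpc.client.ServerProxy:
    """Build the XML-RPC client, refusing a context that skips validation.

    ServerProxy opens no socket until a method is called, so constructing it
    is safe offline; the refusal happens before CNBLOGS_TOKEN is ever sent.
    """
    if not context_is_safe(ctx):
        raise ValueError("refusing to send CNBLOGS_TOKEN over an unverified TLS context")
    transport = xmlrpc.client.SafeTransport(context=ctx)
    return xmlrpc.client.ServerProxy(ENDPOINT, transport=transport, allow_none=True)


def main() -> None:
    bad = unverified_context()
    print("unverified context:", bad.check_hostname, bad.verify_mode)
    try:
        make_client(bad)
    except ValueError as exc:
        print("rejected:", exc)
    make_client(hardened_context())
    print("verified client built for", ENDPOINT)


if __name__ == "__main__":
    main()
```

Dropping the custom transport and passing `context=ssl.create_default_context()` to ServerProxy is the smallest fix for the scripts; the wrapper above is for callers that cannot audit every script and want the refusal enforced at one point.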

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The script hardcodes and exports what appears to be a real CNBlogs username and API token in plaintext. Anyone with access to the repository, logs, screenshots, or copied shell history can reuse these credentials to access and modify the associated blog account, making this a direct secret exposure rather than merely missing documentation.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The article describes automatic saving and publishing capabilities to CNBlogs through the MetaWeblog API, but it does not include a clear warning that using the skill can modify remote blog content. In an agent context, missing disclosure about write-side effects increases the chance of unintended draft creation, updates, or publication if a user invokes the skill without understanding that it performs remote state changes.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The markdown explicitly advertises publishing and deleting blog posts but does not warn that these actions are externally visible or destructive. In a skill that manages a live CNBlogs account via MetaWeblog API, this omission can mislead users or downstream agents into performing irreversible or public actions without adequate confirmation.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The README instructs users to run `echo $CNBLOGS_TOKEN`, which prints the full authentication token in cleartext to the terminal. This can leak credentials through terminal scrollback, shell history capture tools, screen sharing, logs, or shoulder surfing, and the token appears to grant direct blog-management capabilities including publish and delete actions.
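The token findings (a long-lived token exported with no handling guidance, a hard-coded token in the test script, and the README's `echo $CNBLOGS_TOKEN` check) share one remedy: the raw value must never reach a terminal, transcript or history file. The block below is an added example, not part of the skill or its README. It loads the token without printing it, reports a SHA-256 fingerprint in place of the echo, scrubs the value from text about to be logged, and scans shell-history lines for the leaking patterns. The token value, the history lines and the names ENV_VAR, scan_history, scrub and token_fingerprint are all the example's own.

```python
"""Added example: handling CNBLOGS_TOKEN without exposing it.

Not the skill's code. Replaces `echo $CNBLOGS_TOKEN` with a fingerprint,
redacts the token from log text, and checks shell history for leaks.
"""
import hashlib
import os
import re
from typing import Iterable, List, Mapping, Optional, Tuple

ENV_VAR = "CNBLOGS_TOKEN"  # the variable the README tells users to export

# Shell-history lines that put the raw token where it can be copied or captured.
# Patterns are this example's own; adjust them to the shell in use.
_LEAK_PATTERNS: List[Tuple[re.Pattern, str]] = [
    (re.compile(rf"\b{ENV_VAR}\s*=\s*\S+"), "token assigned inline, value is now in history"),
    (re.compile(rf"\becho\b.*\$\{{?{ENV_VAR}\}}?"), "token echoed to the terminal"),
    (re.compile(r"tests/test_all\.sh"), "tests/test_all.sh run (the Overview says to avoid it)"),
]

# Constructed history, not a real user's; line 5 is the non-leaking way to set the token.
SAMPLE_HISTORY = [
    "export CNBLOGS_TOKEN=example-token-0123456789",
    "echo $CNBLOGS_TOKEN",
    "ls",
    "bash tests/test_all.sh",
    "read -rs CNBLOGS_TOKEN && export CNBLOGS_TOKEN",
]


def load_token(environ: Optional[Mapping[str, str]] = None) -> str:
    """Read the token from the environment; never print it, refuse empty values."""
    env = os.environ if environ is None else environ
    token = env.get(ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(
            f"{ENV_VAR} is not set; set it with 'read -rs {ENV_VAR} && export {ENV_VAR}'"
        )
    return token


def token_fingerprint(token: str) -> str:
    """12 hex chars of SHA-256: confirms which token is loaded without revealing it."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def scrub(text: str, token: str) -> str:
    """Redact the token from text about to be logged, pasted into a transcript or committed."""
    return text.replace(token, "[REDACTED]")


def scan_history(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, reason) for each history line that exposes the token."""
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        for pattern, reason in _LEAK_PATTERNS:
            if pattern.search(line):
                hits.append((number, reason))
                break
    return hits


def main() -> None:
    token = load_token({ENV_VAR: "example-token-0123456789"})  # constructed value
    print(f"{ENV_VAR} loaded, fingerprint {token_fingerprint(token)}")
    print(scrub(f"POST metaweblog token={token}", token))
    for number, reason in scan_history(SAMPLE_HISTORY):
        print(f"history line {number}: {reason}")


if __name__ == "__main__":
    main()
```

Run scan_history over the lines of the shell's history file after a session that used the skill; any hit means the token should be treated as exposed and rotated, which matches the Overview's advice to use only a revocable token.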

VirusTotal

66/66 VirusTotal vendors reported the skill's files as clean (no detections). A clean antivirus verdict covers malware signatures only; it says nothing about the disabled TLS verification or the credential exposure reported in the findings above.
