Hugo Blog Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Hugo blog publishing helper that can write blog files and push them to GitHub, so users should review changes before publishing.

Install this only if you want an agent to publish Hugo posts from your local blog repository. Before each push, review the target directory, Git remote, generated front matter, Markdown body, taxonomy _index.md files, and commit message; prefer repository-scoped Git credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding:
The trigger phrases are broad enough to match ordinary requests like '发布文章' or 'post to blog', which can cause the skill to activate in situations where the user did not intend file writes or repository pushes. Because this skill performs local file modification and `git push`, accidental invocation can lead to unintended publication or data changes.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill description does not prominently warn that it will create or modify files and push commits to GitHub. Users may invoke it expecting formatting help only, while the skill proceeds to make persistent local and remote changes, increasing the risk of accidental publication.

Missing User Warnings

Medium
Confidence: 94%
Finding:
Automatically reading `MEMORY.md`, `USER.md`, and local `.git` configuration without a privacy notice or explicit consent can expose sensitive data such as personal domains, repository paths, remotes, usernames, or tokens embedded in configuration. In a skill that also performs publication actions, this implicit configuration harvesting increases privacy and operational risk.

VirusTotal

65/65 vendors flagged this skill as clean.