Pilot Podcast Production Setup

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for podcast automation, but it can set up durable agent trust and public/third-party publishing flows without enough confirmation, destination scoping, or rollback guidance.

Review this skill before installing. Verify peer identities out of band before handshakes, use test or least-privilege credentials for RSS, Slack, social, and webhook destinations, require human approval before publishing, and document how to remove ~/.pilot/setups/podcast-production.json and reset any pilotctl hostname or trust changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
90% confidence
Finding
The README explicitly describes a pipeline that can publish podcast episodes to RSS platforms, social media, and Slack with minimal human intervention, but it does not warn operators that content may be sent to external services and publicly distributed. In a deployment skill, this omission increases the risk of accidental publication of unreviewed, sensitive, or incorrect content, especially because the workflow is framed as an automated assembly line.

Missing User Warnings

Medium
95% confidence
Finding
The example commands demonstrate publishing notifications and episode data to the distributor in a way that implies live distribution to podcast platforms and social channels, but they provide no caution that these actions may trigger real outbound publication. Users following the guide verbatim could unintentionally push content to production channels or notify subscribers without review.

Missing User Warnings

Medium
93% confidence
Finding
The skill explicitly configures a distributor role to send podcast data and publication notifications to external systems via webhooks, RSS/platform endpoints, and social channels, but it never instructs the operator to obtain confirmation, review destinations, or warn that data will leave the local agent environment. In a setup skill, this omission can cause accidental exfiltration of episode content, metadata, or internal notes to third-party services the user did not intend to contact.

VirusTotal

66/66 vendors flagged this skill as clean.
