Content Creator Workflow

Security checks across malware telemetry and agentic risk

Overview

The skill’s WhatsApp image workflow is coherent, but it needs Review because it can process customer messages through third-party AI services and appears to store a WhatsApp token locally in plaintext.

Review this skill before installing. Only use it if you are comfortable sending customer WhatsApp text and voice-note content to external AI and messaging providers, and consider moving the token into an OS secret manager or a permission-restricted file, with a clear warning to the operator. Pin dependencies to reviewed versions before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares powerful operational capabilities in metadata and usage instructions—environment access, file read/write, network access, and shell execution—but does not expose an explicit permissions model for users or operators. This creates a transparency and governance gap: a user may invoke a workflow that can access secrets, send data externally, and write files without clear prior disclosure or policy constraints.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: The description uses broad automation language like 'automate end-to-end request-to-image delivery' without clear trigger boundaries, approval gates, or limits on which messages should be processed. In a messaging-integrated skill, this increases the risk of overbroad invocation, unintended processing of unrelated customer content, or autonomous actions taken without sufficient user review.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The workflow handles customer WhatsApp text and voice notes, transmits audio/text to external OpenAI APIs for transcription and image generation, and sends outputs back through a messaging system, but the skill text does not warn users that third-party services will receive customer content. Because the content may include sensitive personal or business information, the lack of disclosure and consent guidance creates substantial privacy, compliance, and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The authentication token is persisted in plaintext JSON under the user's home directory without any permission hardening, encryption, or warning. If the local system is shared, compromised, or backed up insecurely, the token could be recovered and used to access the WhatsApp service account.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  openai>=1.0.0
  pydub>=0.25.1
  requests>=2.31.0
  python-dotenv>=1.0.0
Confidence: 95%
Finding: openai>=1.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  openai>=1.0.0
  pydub>=0.25.1
  requests>=2.31.0
  python-dotenv>=1.0.0
Confidence: 95%
Finding: pydub>=0.25.1

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  openai>=1.0.0
  pydub>=0.25.1
  requests>=2.31.0
  python-dotenv>=1.0.0
Confidence: 98%
Finding: requests>=2.31.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  openai>=1.0.0
  pydub>=0.25.1
  requests>=2.31.0
  python-dotenv>=1.0.0
Confidence: 93%
Finding: python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 97%
Finding: requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Severity: Low
Category: Supply Chain
Confidence: 78%
Finding: python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.
