ClawHub

Marketing Asset Generator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it generates marketing assets, uploads them to Feishu, and posts to Slack, so users should treat it as an external-sharing automation.

Install only if you intend campaign prompts, generated images, file links, and some research snippets to be processed by external services and shared to the configured Feishu folder and Slack channel. Use least-privilege API keys, choose a narrow Slack channel, avoid confidential unreleased material unless those services are approved for it, and prefer pinned dependencies for production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states that generated assets are automatically uploaded to Feishu Drive and that the team is notified on Slack, but it does not warn users that prompts, generated content, links, or related metadata may be transmitted to third-party services. This creates a real transparency and consent issue because users may run the workflow expecting local-only processing and unintentionally exfiltrate sensitive marketing plans, unreleased product details, or internal creative assets.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example prompts are broad and action-oriented, encouraging automatic execution of a multi-step workflow without clear boundaries, confirmation gates, or exclusion conditions. Because this skill performs external search, cloud upload, and Slack notification, vague invocation patterns increase the chance of unintended triggering and silent data sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes upload and notification steps as workflow features, but it does not prominently warn users that generated assets and related context may be automatically sent to Feishu Drive and Slack. In a marketing workflow, prompts, generated images, file links, and possibly inspiration data may contain confidential campaign information, making undisclosed third-party transmission a meaningful privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code reads multiple secrets from environment variables and uses them to access third-party services without any user-facing disclosure or consent gate. In an agent-skill context, this can surprise operators and cause credentials to be used on behalf of a user or workspace without transparent notice.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow transmits generated assets and associated metadata to Feishu and Slack, but the code provides no explicit warning, confirmation, or policy check before doing so. In an automated agent environment, that creates a real risk of unintended data disclosure to external systems.

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0
duckduckgo-search>=6.1.0
google-genai>=0.3.0
requests>=2.31.0
Confidence
96% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0
duckduckgo-search>=6.1.0
google-genai>=0.3.0
requests>=2.31.0
requests-toolbelt>=1.0.0
Confidence
96% confidence
Finding
duckduckgo-search>=6.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0
duckduckgo-search>=6.1.0
google-genai>=0.3.0
requests>=2.31.0
requests-toolbelt>=1.0.0
slack-sdk>=3.27.0
Confidence
96% confidence
Finding
google-genai>=0.3.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0
duckduckgo-search>=6.1.0
google-genai>=0.3.0
requests>=2.31.0
requests-toolbelt>=1.0.0
slack-sdk>=3.27.0
Confidence
98% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
duckduckgo-search>=6.1.0
google-genai>=0.3.0
requests>=2.31.0
requests-toolbelt>=1.0.0
slack-sdk>=3.27.0
Confidence
95% confidence
Finding
requests-toolbelt>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-genai>=0.3.0
requests>=2.31.0
requests-toolbelt>=1.0.0
slack-sdk>=3.27.0
Confidence
96% confidence
Finding
slack-sdk>=3.27.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
93% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal