AI UGC

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate RawUGC API reference skill, but it enables public posting, account disconnection, public uploads, and deletions without built-in confirmation guidance.

Install only if you trust RawUGC and the agent using this skill. Use a dedicated RawUGC API key if possible, avoid uploading sensitive media unless public access is acceptable, and require explicit confirmation before deleting resources, disconnecting social accounts, spending credits, scheduling posts, or publishing to social media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes destructive and externally visible operations such as disconnecting social accounts, deleting scheduled posts, and immediate publishing without any explicit warning or guardrail language requiring user confirmation. In an agent setting, this increases the chance of unintended account disruption or content loss from ambiguous prompts or prompt-injection-driven tool use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The upload section explicitly states that the endpoint returns a public URL, but it does not warn that uploaded media becomes publicly accessible. In an agent skill, this can lead users or downstream automation to upload sensitive media under the mistaken assumption it remains private, causing unintended data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The social posting endpoints include modes like `now` and a publish action for drafts, but the reference does not prominently warn that these actions can immediately publish to connected social accounts. In an agent context, this increases the risk of accidental reputational damage, premature disclosure, or unauthorized posting caused by misunderstood tool behavior.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **POST /personas** -- Create. Body: `name` (required, max 200), `description` (required, max 5000). Returns `id`.
- **GET /personas/:personaId** -- Get one.
- **PATCH /personas/:personaId** -- Update. Body: `name`, `description` (both optional).
- **DELETE /personas/:personaId** -- Delete.

**PersonaResponse**: `_id`, `organizationId`, `name`, `description`, `createdAt`, `updatedAt`.
Confidence
89% confidence
Finding
DELETE /personas/:personaId

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **POST /messaging** -- Create. Body: `name` (required, max 200), `body` (required, max 5000). Returns `id`.
- **GET /messaging/:messageId** -- Get one.
- **PATCH /messaging/:messageId** -- Update. Body: `name`, `body` (both optional).
- **DELETE /messaging/:messageId** -- Delete.

**MessagingResponse**: `_id`, `organizationId`, `name`, `body`, `createdAt`, `updatedAt`.
Confidence
89% confidence
Finding
DELETE /messaging/:messageId

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **POST /products** -- Create. Body: `name` (required, max 200), `photos` (required, URL array), `description` (max 1000), `messaging` (max 5000). Returns `id`.
- **GET /products/:productId** -- Get one.
- **PATCH /products/:productId** -- Update. Body: `name`, `description`, `photos`, `messaging` (all optional).
- **DELETE /products/:productId** -- Delete.

**ProductResponse**: `_id`, `name`, `description`, `photos`, `messaging`, `createdAt`, `updatedAt`.
Confidence
90% confidence
Finding
DELETE /products/:productId

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **POST /styles** -- Create. Body: `name` (required, max 200), `description` (max 1000), `type` (`video`/`image`), `aspectRatio` (`portrait`/`landscape`/`square`), `promptTemplate` (max 5000, supports `{productName}`, `{messaging}`, `{character}` placeholders). Returns `id`.
- **GET /styles/:styleId** -- Get one.
- **PATCH /styles/:styleId** -- Update. All fields optional.
- **DELETE /styles/:styleId** -- Delete.

**StyleResponse**: `_id`, `name`, `description`, `type`, `aspectRatio`, `styleId`, `promptTemplate`, `isAdmin`, `isStandard`.
Confidence
89% confidence
Finding
DELETE /styles/:styleId

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Sync connected accounts from the scheduling provider. Returns `{ success: boolean }`.

### DELETE /social/accounts/:accountId

Disconnect a social account. Returns `{ success: boolean }`.
Confidence
94% confidence
Finding
DELETE /social/accounts/:accountId

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Update a post. Body: `content`, `scheduledFor`, `timezone`, `accountIds` (at least one field required).

### DELETE /social/posts/:postId

Delete a post. Returns `{ success: boolean }`.
Confidence
93% confidence
Finding
DELETE /social/posts/:postId

VirusTotal

66/66 vendors flagged this skill as clean.
