ClawHub

DeepContent

Security checks across malware telemetry and agentic risk

Overview

DeepContent is a coherent marketing API skill, but it can use an account API key for team and brand workflows while leaving some account-changing and memory behavior under-scoped.

Install only if you trust DeepContent with the URLs, brand details, generated posts, and account actions you ask the agent to perform. Confirm before any team invite, brand update, approval, or other account-changing action, and review or clear saved preferences if they could reveal confidential campaign strategy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill directs the agent to store user edit behavior, preferred platform, default brand, and recurring patterns as memory even though the declared function is content generation and routing. This creates unnecessary collection and retention of behavioral profile data, which can accumulate sensitive business preferences or communication habits beyond what is needed to fulfill a single request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match common requests such as 'generate content', 'show my posts', or any URL-based request, increasing the chance the skill activates outside the user's intended context. In practice this can cause unintended routing to external API-backed workflows, expose URLs or brand context to a third-party service, and create confused-deputy behavior in normal conversations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to retain user edits and preferences as memory introduces a data retention risk because natural-language memories can contain persistent behavioral signals, branding choices, and possibly sensitive marketing strategy information. Since the skill does not define minimization, retention duration, or consent boundaries, this persistence can outlast the original task and expand privacy exposure over time.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal