Post Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent HTML poster generator, with ordinary caveats around creating a local poster file and loading CDN resources for fonts/export.

Install if you are comfortable with the agent creating a local HTML poster file and with the generated file loading Google Fonts and html2canvas from third-party CDNs when opened. For privacy-sensitive or offline use, ask for a no-CDN/no-JavaScript version and confirm the filename and save location before generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Scope Creep

Severity: Medium
Confidence: 97%
Finding:
The skill explicitly instructs saving generated HTML to the user's working directory even though it declares only browser permission. This creates a capability/behavior mismatch that can mislead users and orchestrators about what side effects the skill may attempt, increasing the risk of unauthorized local file writes if the host agent honors the instruction.

Description-Behavior Mismatch

Severity: Low
Confidence: 89%
Finding:
The metadata presents the skill as a browser-based HTML poster generator, but the body later extends behavior to local file creation. This inconsistency can cause users or policy systems to underestimate the skill's operational scope and approve it under weaker assumptions than its instructions actually imply.

Scope Creep

Severity: Medium
Confidence: 90%
Finding:
The HTML imports third-party resources from Google Fonts and cdnjs, which causes network requests to external domains whenever the poster is opened. This creates privacy, integrity, and availability risks because page behavior depends on remote content that could track users, fail to load, or be altered if the external dependency is compromised.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The workflow tells the agent to save an HTML file into the user's working directory without warning or consent. Silent file creation is a meaningful side effect that can violate user expectations and, in multi-tool environments, become a stepping stone for planting executable or web content locally.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill allows loading Google Fonts and html2canvas from external CDNs without warning the user that opening the generated HTML will trigger third-party network requests. This can leak metadata such as IP address, user agent, timing, and potentially poster content context to external providers.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill mandates inclusion of a third-party html2canvas CDN script in every poster without user disclosure. Because the generated HTML is intended to be opened in a browser, this guarantees external code execution from a remote source, creating privacy, supply-chain, and integrity risks beyond the declared design task.

VirusTotal

66/66 vendors flagged this skill as clean.
