ClawHub
Back to skill

Security audit

Generate Personal Brand Ad Creative Brief

Security checks across malware telemetry and agentic risk

Overview

This marketing-brief skill appears non-malicious, but it asks for broad local shell and file-read access that is not explained by its creative-planning purpose.

Review before installing. The content-generation purpose is coherent, but allow this skill only if you are comfortable with an agent having local Bash and file-reading tools during marketing brief work. Prefer using the ClawHub package and restrict use to user-provided files and explicitly approved commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.