ClawHub
Back to skill

Security audit

Copywriting Generation

Security checks across malware telemetry and agentic risk

Overview

This is a copywriting helper that uses markdown templates and may save generated copy to local files, with no evidence of hidden execution, credential use, network access, or destructive behavior.

Before installing, be aware that the skill may activate on broad copywriting phrases and may save generated content locally. Use it for marketing/copywriting tasks, keep file output in a known workspace, confirm filenames and formats before writing, and review any generated HTML before opening or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases include very broad terms such as '生成文案', '写文案', and even 'meta-skill-system', which can cause this skill to activate for many ordinary writing requests beyond its intended scope. Over-broad activation increases the chance of prompt-routing mistakes, unintended file-output behaviors, and interference with other more appropriate skills, making the agent easier to steer in unexpected ways.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill includes explicit instructions for saving generated content to local .txt, .docx/.pdf, and .html files, but it does not require user confirmation, path restrictions, or warnings about writing data to disk. In an agent setting, this can enable unintended persistence of sensitive or untrusted content, overwrite existing files, or create risky HTML artifacts that may later be opened and rendered.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal