Geo Agentops

Security checks across malware telemetry and agentic risk

Overview

This GEO marketing skill is mostly purpose-aligned, but it understates third-party API and social-publishing exposure while using broad activation phrases.

Review before installing. Use it only if you are comfortable sending brand, market, draft-content, and citation-analysis context to third-party AI/search providers and granting social OAuth access for publishing features. Keep API/OAuth scopes narrow, approve every public post manually, and prefer the managed ClawHub install path unless you separately audit the external repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The security section claims all operations run only locally, yet the manifest explicitly declares multiple external APIs for LLM calls and social publishing. This misrepresentation can cause users to expose sensitive business data, prompts, and content to third-party services under a false expectation of local-only processing and privacy.

Vague Triggers

Medium
Confidence: 86%
Finding
Broad trigger phrases increase the chance the skill activates in unrelated conversations, which is risky here because the skill can invoke external LLMs, access API-backed services, and perform publishing-related workflows. Misfires could lead to unintended data disclosure to third parties, confusing recommendations, or accidental preparation of outbound content in contexts where the user did not intend to use this skill.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list contains generic business phrases like market expansion, marketing, and optimization terms without strong scope constraints. In a skill connected to multiple external services, this broad matching expands the chance of unintentional invocation and downstream exposure of proprietary plans, drafts, or business context to remote APIs.

Vague Triggers

Medium
Confidence: 90%
Finding
Several trigger phrases are broad, generic marketing terms such as B2B营销, 出海运营, and 独立站SEO, which can match ordinary user conversation rather than a clear request to invoke this specific skill. That raises the chance of unintended activation, causing the agent to access configured capabilities or external APIs in contexts where the user did not explicitly intend to use this skill.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are broad and overlapping, such as optimization-oriented marketing terms that could match loosely related user requests and activate the skill unintentionally. In an agent ecosystem, unintended invocation can expose users to irrelevant or manipulative outputs, cause context drift, and route requests into a capability set broader than the user expected.

VirusTotal

65/65 vendors flagged this skill as clean.
