Hologres Ad Campaign

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Hologres advertising workflow, but it can create cloud resources, generate media, and store results in OSS.

Install only if you intend to use Hologres AI Functions with OSS-backed ad generation. Use a dedicated database/schema and OSS prefix, grant a least-privilege RAM role, review SQL before running write operations, avoid sharing signed URLs or unreleased campaign assets, and clean up generated tables, logs, Dynamic Tables, and OSS media when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 93%
Finding
The description contains very broad trigger phrases spanning many loosely related advertising and analysis tasks, which can cause the skill to activate outside its intended scope. In an agent environment, over-broad routing can hijack unrelated user requests, leading to incorrect tool use, unintended data handling, or execution of risky workflows without clear user intent.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The description is entirely in Chinese and implies Chinese-language behavior without stating that language should follow user preference. This can cause the skill to respond in an unexpected language, degrading user understanding and potentially obscuring important output or consent-relevant details in a workflow involving campaign generation and analysis.

Missing User Warnings

Medium
Confidence: 91%
Finding
The SQL template sends user-provided media references and generated outputs to external AI and OSS services via ai_gen, to_file, and output_dir, but the documentation does not warn users that source assets may leave the local trust boundary. In an ad-generation workflow, uploaded materials can include proprietary creative assets, customer data, or licensed media, so silent transmission creates real privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The video-generation section documents returning signed video URLs containing access parameters and explicitly tells users to preserve the full link, but it does not warn that these URLs may grant temporary access to generated media and can be unintentionally shared or logged. Because this skill is designed for advertising assets and ROI analysis, the outputs may contain unreleased campaign materials or sensitive business content, making leakage through signed URLs a practical exposure risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The SQL block performs bulk synthetic event generation and inserts the results into a persistent log table without any warning, row-count estimate, scoping guard, or cleanup guidance. In an agent setting, a user or downstream system may execute this as-is, causing substantial unintended data growth, storage/compute cost, and polluted analytics that can affect later decisions.

VirusTotal

VirusTotal findings are pending for this skill version.
