Daily Social Media Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a real social media posting tool, but it can publish publicly with account credentials without built-in review or clear account controls.

Install only if you control the connected accounts and are comfortable with automated public posting. Use restricted, revocable API keys, confirm the UploadPost destination accounts outside the skill, and run it first in a dry-run or manual review workflow before enabling any schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'url' from requests.post (line 99, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
```python
    if r.status_code == 200:
        url = r.json().get('render_url')
        if url:
            img = requests.get(url, timeout=30)
            if img.status_code == 200:
                return {"url": url, "data": img.content}
except Exception as e:
```
Confidence
97% confidence
Finding
img = requests.get(url, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents operational behaviors that require file access and outbound network access, but it does not declare permissions or user-facing capability boundaries. This is dangerous because it obscures the skill's true execution surface, reducing user oversight and making it easier for the skill to read local config files containing secrets and publish externally without explicit consent expectations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The overview and purpose describe automated publishing, but omit a clear warning that the skill can post to external social media services on a schedule. That creates a meaningful safety issue because users may invoke or install the skill without understanding that it can perform irreversible public actions on connected accounts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The input variables and dependency sections identify API keys and third-party services, but do not warn that content, rendered images, and account-linked data are transmitted to external providers. This is dangerous because users may supply secrets and business content without understanding the privacy, retention, and account-compromise risks associated with multiple external processors.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill automatically publishes externally visible content to a third-party posting service without any user confirmation, review gate, or dry-run safeguard. In agent contexts, this can cause unauthorized or reputationally damaging posts if the tool is triggered unexpectedly, fed bad content, or configured incorrectly.

External Transmission

Medium
Category
Data Exfiltration
Content
```json
{
  "api_key": "...",
  "endpoint": "https://api.upload-post.com/api/upload_photos"
}
```
Confidence
80% confidence
Finding
https://api.upload-post.com/

VirusTotal

66/66 vendors flagged this skill as clean.
