Security audit

Cross-platform automated content publishing (跨平台内容自动发布)

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed carefully because it stores social-media login sessions and promotes automated reposting/deduplication workflows that can affect real accounts and copyrighted content.

Install only if you are comfortable giving the skill access to logged-in social-media sessions and supervising every publish action. Use dedicated accounts, protect or remove saved auth files, do not commit them, and avoid any reposting workflow unless you own or are licensed to redistribute the source content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The manifest and top-level description claim active TikTok/YouTube cross-posting support, while later text says those interfaces are only pre-reserved in v1.0.0. This inconsistency can mislead users into trusting unimplemented automation for sensitive account actions, increasing the chance of unsafe setup, misuse, or reliance on nonexistent controls.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The feature table and workflow sections present cross-platform publishing as available, but the changelog states those capabilities are only reserved interfaces. For a skill that automates browser login, uploading, and account handling, overstating supported functionality is dangerous because users may expose credentials or operational content based on false assumptions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README instructs users to save authenticated platform cookies locally, which are effectively session secrets that can grant account access if copied or leaked. In a workflow that automates posting to social-media accounts, stolen cookie files could enable unauthorized posting, account takeover actions within the active session, or abuse across multiple linked platforms.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill advertises automatic posting, persistent account login state, and reposting/downloading behavior without clear warnings about credential handling, data storage, account bans, or platform-policy violations. In this context, the absence of safety disclosures is significant because the skill targets real social-media accounts and automated actions with external side effects.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The workflow explicitly describes downloading popular videos, making superficial modifications, and reposting them to TikTok/YouTube without any warning about copyright, consent, attribution, or platform enforcement. This is dangerous because it operationalizes content laundering and republishing in a way that can expose users to legal claims, takedowns, and account sanctions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The code persists authenticated browser state to disk, which can include session cookies and other bearer-style authentication artifacts. If the auth directory is read by another local user, included in backups, committed accidentally, or exfiltrated by malware, an attacker may be able to hijack the Xiaohongshu session without re-authenticating.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The workflow automatically downloads, transforms, and publishes content to external platforms without any explicit user confirmation, approval gate, or warning about these side effects. In an agent context, silent file creation and external publication can cause unauthorized actions, account misuse, and accidental distribution of content.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The FFmpeg step writes modified media to disk and forces overwrite with '-y' without any confirmation or safeguard. In automated workflows, this can silently alter or replace files and makes destructive or unexpected media processing harder for a user to detect or stop.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The workflow is explicitly designed to automatically publish generated content to Xiaohongshu, and the code proceeds from content generation to publishing without any approval gate, confirmation prompt, dry-run mode, or user-facing warning. In an automation skill that targets external social platforms, this creates a real risk of unintended posting, accidental misuse of configured accounts, policy violations, and reputational damage if generated or incorrect content is published automatically.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The workflow automatically publishes generated content after video composition without any explicit user confirmation, approval gate, or dry-run mode. In a content-publishing skill, this increases the risk of unintended posting, reputational harm, accidental disclosure, or misuse of connected accounts, especially because the skill is designed for automated cross-platform distribution.

Ssd 4

Severity: Medium
Confidence: 95%
Finding:
The narrative normalizes scraping domestic videos, applying trivial transformations, and reposting them abroad, which lowers the barrier to abusive republishing workflows. In the context of an automation skill with browser-based upload support, this meaningfully increases the risk of large-scale copyright infringement, deceptive reuse, and platform abuse.

Ssd 4

Severity: Medium
Confidence: 95%
Finding:
The workflow explicitly describes downloading videos from one platform, applying transformations to evade duplicate detection, and reposting them to other platforms. In context, this is a content-laundering pipeline designed to disguise copied media and automate redistribution, which materially increases abuse potential, platform-policy violations, and copyright infringement risk.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: src/workflows/video-cross-post.js:111