Bundle

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate so-me.studio integration, but it gives an agent broad social-account and workspace-admin powers without enough scoping or confirmation guidance.

Install only if you trust the so-me.studio CLI and intend to let an agent operate connected social accounts and workspace settings. Use the least-privileged key available, avoid admin credentials for routine scheduling, and require explicit human approval before posting, replying, deleting content, changing team roles, creating API keys, modifying webhooks, disconnecting accounts, or deleting/leaving workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
This skill exposes API key creation, listing, and revocation capabilities even though the stated purpose is social-media scheduling and engagement. Credential-management functions materially expand the blast radius: a prompt-injected or over-privileged agent could mint long-lived secrets and enable persistence or external API access beyond ordinary posting operations.

Context-Inappropriate Capability

Medium
Confidence: 82%
Finding
Tenant/workspace creation, deletion, and membership actions are administrative capabilities far broader than normal social-media scheduling tasks. In an agent setting, these tools could be abused to destroy a workspace, create shadow workspaces, or alter organizational boundaries, causing account takeover, data loss, or governance bypass.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill enables actions involving inbox messages, comments, analytics, and media uploads to a third-party service and onward to connected social platforms, but it does not clearly warn the user that potentially sensitive content and account data will be transmitted externally. This can lead to unintentional disclosure of private messages, media, or account metadata when an agent executes commands on the user's behalf.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example instructs the agent to send a live reply to an external conversation on the user's behalf without an explicit confirmation step or warning that this action has real-world side effects. In a social-media/inbox management skill, this is risky because an automated keyword match can misclassify a conversation and send an unintended message, potentially causing reputational harm or policy violations.

Missing User Warnings

Medium
Confidence: 86%
Finding
The example instructs the agent to enumerate all connected accounts and pull analytics for each one without showing any explicit user confirmation, scoping, or privacy notice. In a multi-account social-media tool, this can lead to over-collection and disclosure of metrics from accounts the user did not intend to include, especially in shared workspaces or delegated-agent contexts.

VirusTotal

65/65 vendors flagged this skill as clean.