Security audit

Medium Blog Post Creator

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Medium-drafting purpose, but it can create public GitHub Pages content and reuse a remembered repo from broad blog-writing prompts without fresh confirmation.

Install only if you want agent-assisted publishing through a public GitHub Pages staging repo. Before using it, confirm the target GitHub owner/repo each run, avoid private or sensitive draft content because it becomes public on GitHub Pages before Medium import, and review the Medium draft yourself before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad phrases such as "write a blog post about X" and "blog about X," which can match ordinary writing requests that do not clearly ask for Medium publication or repository/browser automation. In this skill, unintended invocation is more dangerous than in a pure text-generation skill because it can lead the agent into creating GitHub repos, publishing public content, and driving a logged-in Medium session without sufficiently specific user intent.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
(Source: **Deploy from a branch** → `<branch>` / `/ (root)`), and wait for
     confirmation before continuing.

6. **Save the repo to the per-install config** so future runs reuse it without
   asking: write `last_repo` (`github_owner`, `github_repo`, `pages_url` =
   `<pages-base-url>`, `branch`) into the per-install config file. Schema in
   `references/configuration.md`.
Confidence
83% confidence
Finding
without asking

Hidden Instructions

High
Category
Prompt Injection
Content
<meta property="article:published_time" content="YYYY-MM-DDTHH:MM:SSZ">
  <meta property="article:author" content="POST_AUTHOR">
  <link rel="canonical" href="POST_CANONICAL_URL">
  <!-- <style> is for local preview only — Medium's URL importer strips it. -->
  <style>
    body {
      font-family: Georgia, 'Times New Roman', serif;
Confidence
70% confidence
Finding
<!-- <style> is for local preview only — Medium's URL importer strips it. --> <style> body { font-family: Georgia, 'Times New Roman', serif; max-width: 720px; margin: 2rem auto

Hidden Instructions

High
Category
Prompt Injection
Content
will convert it into an embed block:
  </p>

  <!-- Replace VIDEO_ID with a real YouTube id, or delete this block. -->
  <p>https://www.youtube.com/watch?v=VIDEO_ID</p>

  <h2>Closing</h2>
Confidence
70% confidence
Finding
<!-- Replace VIDEO_ID with a real YouTube id, or delete this block. --> <p>https://www.youtube.com/watch?v=VIDEO_ID</p> <h2>Closing</h2> <p> Wrap up with a summary or call to action. Keep

VirusTotal

63/63 vendors flagged this skill as clean.