hot-topic-ideator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Xiaohongshu content-ideation workflow that uses an external API and writes report files, with no artifact evidence of hidden, destructive, or deceptive behavior.

Install this only if you trust the ChatDAM/Tezign API with the brand, campaign, and keyword data you provide. Use a scoped CHATDAM_API_TOKEN, confirm any web-search fallback before sending sensitive inputs, verify the local html_to_pdf.py converter before running the uv command, and check the output directory before generating files.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill expands its data collection scope by instructing a fallback to general web search when the primary API fails. That introduces additional external network transmission and unbounded data sourcing that is not central to the declared skill purpose, increasing privacy, compliance, and prompt/data exfiltration risk if brand inputs or internal context are sent to third-party search tools.

Description-Behavior Mismatch

Medium, 89% confidence
Finding
The manifest presents the skill as topic ideation, but the workflow also writes HTML files to disk and invokes a local PDF conversion script. This is a capability expansion beyond the stated purpose, and it can create unexpected filesystem side effects, path-handling risk, and execution of local tooling that users may not anticipate from a content ideation skill.

Missing User Warnings

Medium, 93% confidence
Finding
The skill requires an API token and sends user-provided brand information and generated keywords to an authenticated external service, but it does not instruct the agent to warn the user or obtain consent before transmitting that data. In enterprise or confidential marketing contexts, this can expose sensitive campaign plans, client names, or internal strategy data to third-party systems without clear disclosure.

Missing User Warnings

Low, 88% confidence
Finding
The skill directs the agent to create local directories and files and save reports without warning the user. While this is not inherently malicious, undisclosed filesystem writes can surprise users, overwrite existing content, or leak artifacts into shared workspaces and automation environments.

VirusTotal

63/63 vendors flagged this skill as clean.
