content-matrix-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is meant for social-content automation, but it can publish to real linked accounts through credentials, scheduled runs, and webhook triggers without clear approval gates.

Install only if you intend to let automation prepare and potentially publish content to real social accounts. Keep draft or dry-run behavior enabled, disable scheduled and webhook triggers unless explicitly needed, protect and rotate platform credentials, review dependent publishing skills, and require manual approval before any post goes live.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation describes automated multi-platform publishing and shows examples of one-click posting, but it does not prominently warn that the workflow may publish content publicly to external services using configured credentials. In an agent setting, unclear disclosure can lead users to trigger unintended public posts, causing reputational harm, accidental data exposure, or unauthorized publication from linked accounts.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises automatic multi-platform publishing but does not prominently warn that it may perform external posting actions on third-party accounts. In an agent setting, this can cause users to authorize or invoke irreversible public actions without understanding the consequences, increasing the risk of accidental publication, reputational harm, or misuse of connected accounts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The example workflow normalizes posting to Xiaohongshu and WeChat as an automatic agent action without an explicit caution that these are irreversible or externally visible operations. This is dangerous because users or downstream agents may treat publication as routine execution instead of a high-risk action requiring confirmation, which can lead to accidental posting or abuse if the skill is triggered inappropriately.

Missing User Warnings

Medium
Confidence: 90%
Finding
The configuration section instructs users to store a Xiaohongshu session cookie and WeChat application credentials but does not pair this with strong warnings about credential sensitivity, storage risks, and least-privilege handling. If copied into insecure configs, logs, or shared environments, these secrets could enable unauthorized publishing, account takeover of connected integrations, or abuse of the user's publishing identity.

Missing User Warnings

Medium
Confidence: 95%
Finding
In the non-dry-run path, the script directly invokes external publishing tools that can perform irreversible actions on real accounts without any interactive confirmation or secondary safety gate. In the context of an agent skill designed for automated multi-platform distribution, this increases the risk of accidental publication, misuse by downstream automation, or unintended posting of unreviewed content.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow defines a cron trigger that runs daily at 9 AM and the distribution phase performs publish actions to external platforms, yet the manifest does not present any user-facing warning, approval gate, or disclosure that content may be automatically published. In a publishing workflow, unattended scheduled execution increases the risk of unintended posting, reputational harm, and propagation of incorrect or policy-violating content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The webhook trigger allows remote invocation of the workflow via HTTP, and the workflow includes downstream publish actions to Xiaohongshu and WeChat. Without clear disclosure and, as far as this manifest shows, without explicit gating for publish behavior, remote triggering materially raises the risk of unauthorized or unexpected content publication if the endpoint is exposed or misused.

VirusTotal

66/66 vendors flagged this skill as clean.