GitHub Trending Blog Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workflow for turning public GitHub repository trends into draft blog content and images, with no evidence of hidden or destructive behavior.

Install this if you want an automated GitHub-trends-to-blog drafting workflow. Review the dependent skills separately, confirm before running it from a generic blog-writing request, use least-privileged GitHub CLI authentication where possible, and manually review generated drafts and images before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The trigger phrases are broad enough to match common user requests like '帮我写一篇关于 XXX 的技术博客', which can cause this skill to activate outside its intended GitHub-trending workflow. That creates prompt-routing risk: the agent may invoke unrelated tools or apply this pipeline to arbitrary writing requests without clear user consent, increasing the chance of unintended automation or data handling.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger list uses broad topical phrases like "技术博客", "GitHub热门", and "趋势追踪" without clear activation boundaries, which can cause the skill to activate in contexts where the user did not intend to run this workflow. Because the workflow performs multi-step content generation and saves artifacts locally, overbroad triggering increases the chance of unintended data collection, external fetches, and file creation.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding
The skill describes saving generated blog output and rendered assets to local paths like /tmp/output/cover.png and /tmp/blog_article.md, but it does not explicitly warn the user that local files will be created. This can lead to surprise persistence of generated content, especially in shared or sensitive environments, and makes it harder for users to assess storage and privacy implications before invocation.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger list includes broad phrases such as '技术博客', '技术周报', '技术日报', and '开发者内容', which can match many unrelated user requests and cause the workflow to activate unexpectedly. In this workflow, unintended activation can lead to external data fetching, AI summarization, and file generation without clear user intent, increasing the risk of surprise actions and unintended data handling.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The workflow sends repository URLs to the summarize skill and, by description, may process README and other repository files without any manifest-level warning to the user about external transmission or content processing. This creates a transparency and data-governance issue: users may not realize third-party tools or services will receive repository-derived content, which is more sensitive in a workflow that automates multi-step content generation.

VirusTotal

63/63 vendors flagged this skill as clean.