knowledge-card-factory

Security checks across malware telemetry and agentic risk

Overview

This content-automation skill discloses that it can research, generate images, and publish to social platforms on the user's behalf, so users should keep review/confirmation enabled before anything is posted.

Install only if you are comfortable granting the dependent skills access needed for search, scraping, image generation, and social posting. Keep require_confirmation enabled, use a sandbox or low-risk account first, restrict source platforms to content you are allowed to reuse, and avoid unattended scheduled or multi-channel publishing unless you have review, logging, and rollback controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation claims publication requires user confirmation, but the worked examples show content being posted directly without an explicit confirmation step. This mismatch can mislead operators into trusting a safeguard that may not actually be enforced, increasing the risk of unintended or unauthorized publication.
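The Overview's recommended controls (require_confirmation, a sandbox account, restricted target platforms, logging) and the finding above share one root cause: the safeguard exists in the documentation, not in the code path that posts. The following is an added example, not code from knowledge-card-factory or its dependent skills, of how a publish step can enforce those controls itself. The GatePolicy/PublishGate names, the staging-token scheme and the platform identifiers are assumptions made for illustration; a real implementation would call the platform API where the example returns a record.

```python
"""Added example (hypothetical API, not the skill's own code): a publish gate
that enforces require_confirmation, an allow-list of target platforms,
sandbox-only accounts and an audit log in code rather than in a README."""
from dataclasses import dataclass, field
from typing import Optional
import hashlib
import time


class PublishBlocked(Exception):
    """Raised when the gate refuses a publish action; the reason is logged."""


@dataclass(frozen=True)
class GatePolicy:
    require_confirmation: bool = True                 # a human must approve each post
    allowed_platforms: frozenset = frozenset({"xiaohongshu"})  # assumed identifier
    sandbox_only: bool = True                         # first runs go to throwaway accounts
    sandbox_accounts: frozenset = frozenset()


@dataclass
class PublishGate:
    policy: GatePolicy
    audit_log: list = field(default_factory=list)
    _pending: dict = field(default_factory=dict)      # token -> staged draft

    def _log(self, event: str, **fields) -> dict:
        entry = {"ts": time.time(), "event": event, **fields}
        self.audit_log.append(entry)
        return entry

    def stage(self, platform: str, account: str, content: str) -> str:
        """Stage a draft and return a token bound to its exact bytes.

        Publishing needs this token plus a named human confirmer, so content
        cannot be altered between review and posting without invalidating
        the confirmation."""
        digest = hashlib.sha256(
            f"{platform}\0{account}\0{content}".encode()
        ).hexdigest()
        token = digest[:16]
        self._pending[token] = {
            "platform": platform, "account": account, "content": content,
        }
        self._log("staged", token=token, platform=platform, account=account)
        return token

    def publish(self, token: str, confirmed_by: Optional[str] = None) -> dict:
        """Post a staged draft if every policy check passes; otherwise block."""
        draft = self._pending.get(token)
        if draft is None:
            self._log("blocked", token=token, reason="unknown or already-used token")
            raise PublishBlocked("unknown or already-used token")
        p = self.policy
        reason = None
        if p.require_confirmation and not confirmed_by:
            reason = "require_confirmation is set but no human confirmer was supplied"
        elif draft["platform"] not in p.allowed_platforms:
            reason = f"platform {draft['platform']!r} is not in allowed_platforms"
        elif p.sandbox_only and draft["account"] not in p.sandbox_accounts:
            reason = f"account {draft['account']!r} is not a sandbox account"
        if reason:
            self._log("blocked", token=token, reason=reason)
            raise PublishBlocked(reason)
        # One-shot token: a scheduled or batch job cannot replay a confirmation.
        del self._pending[token]
        self._log("published", token=token, platform=draft["platform"],
                  account=draft["account"], confirmed_by=confirmed_by)
        # A real implementation would call the platform API here.
        return {"status": "published", "token": token,
                "confirmed_by": confirmed_by, **draft}


def is_blocked(gate: PublishGate, token: str,
               confirmed_by: Optional[str] = None) -> bool:
    """Helper: True if the gate refuses the publish, False if it goes through."""
    try:
        gate.publish(token, confirmed_by)
    except PublishBlocked:
        return True
    return False


if __name__ == "__main__":
    # Constructed walk-through: sandbox account, one confirmed post, one replay.
    gate = PublishGate(GatePolicy(sandbox_accounts=frozenset({"test-acct"})))
    tok = gate.stage("xiaohongshu", "test-acct", "draft text")
    print("unconfirmed blocked:", is_blocked(gate, tok))
    print("confirmed:", gate.publish(tok, confirmed_by="reviewer")["status"])
    print("replay blocked:", is_blocked(gate, tok, confirmed_by="reviewer"))
    for entry in gate.audit_log:
        print(entry["event"], entry.get("reason", ""))
```

The point of binding the token to the platform, account and content digest is that "confirmation" covers exactly the bytes the reviewer saw; a multi-channel or scheduled run cannot reuse one approval for a different post or a different account, which is the failure mode the finding above describes.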

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The FAQ states that only Xiaohongshu (小红书) is currently supported, but earlier examples describe publishing to additional platforms such as WeChat Official Accounts (公众号), Weibo (微博), and Feishu Docs (飞书文档). This inconsistency can cause users to misunderstand the skill's actual capabilities and trust boundaries, which is dangerous when actions affect external accounts and public distribution.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README promotes automatic posting to Xiaohongshu (小红书) and other social platforms but does not clearly warn users up front that the workflow can perform external account actions on their behalf. In an agent-skill context, this can lead to unintended public posting, misuse of authenticated accounts, reputational harm, or accidental disclosure of generated or sensitive content.

Missing User Warnings

Low
Confidence: 88%
Finding
The README describes cross-platform collection from Twitter/X, Xiaohongshu (小红书), Bilibili (B站), and public accounts without any privacy or data-handling notice. While this is not inherently malicious, aggregating external content across services can expose users to compliance, privacy, and terms-of-service risks, especially if collected data is stored, republished, or mixed with user-provided inputs.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are overly broad and can activate the skill for generic requests such as content creation or social posting without clear user intent to run this specific workflow. In a skill that performs external search, cross-platform scraping, image generation, and potential publishing, ambiguous activation increases the chance of unintended tool use or accidental progression into sensitive actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The examples normalize automatic publishing, batch generation, and scheduled posting without prominently warning about privacy, account, and reputational risks. In a skill that can post to public platforms, omission of these warnings makes accidental leaks, unwanted publication, or misuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.