Skills
skills/alireza59/3clickclaw-blog-skill/3clickclaw-blog/Gen Agent Trust Hub

3clickclaw-blog

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl binary to perform management operations via the 3ClickClaw Blog Admin API at api.3clickclaw.com. This includes listing, creating, and deleting posts.\n- [DATA_EXFILTRATION]: Transmits generated blog content and images to the vendor's API. Authentication is handled using the BLOG_API_TOKEN environment variable, which prevents the exposure of hardcoded secrets.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the blog creation process.\n
  • Ingestion points: User-provided topics and descriptions used to generate blog content (e.g., 'new blog post about...').\n
  • Boundary markers: None identified in the workflow to separate user data from agent instructions.\n
  • Capability inventory: Network access and command execution via curl to manage site content.\n
  • Sanitization: No explicit validation or filtering is performed on the generated markdown content before it is sent to the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 06:48 PM