YTLong Daily Report

Security checks across malware telemetry and agentic risk

Overview

This report generator is not clearly malicious, but it needs review because untrusted project config or date arguments could make it run unintended local shell commands.

Install only if you trust the project directories where it will run and any .reportrc.json files there. Avoid using it in repositories from others until the maintainer replaces shell-string execution with safe argument-based git calls and updates the documentation to match the actual git-only behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill documentation materially overstates and misstates behavior: it claims to aggregate git, calendar, and task data, while the implementation apparently only uses git, reads local config, supports arbitrary ranges, and writes local files. This kind of description-behavior mismatch is security-relevant because users may grant trust or sensitive access based on false expectations, and may not anticipate local file writes or the actual data sources being used.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill advertises pulling from calendar and task managers but does not warn users that these sources may contain sensitive personal or business information. Even in documentation-only form, omission of a privacy warning can lead users to expose confidential schedules, meeting titles, project names, and task details without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code builds a shell command with interpolated repository paths and date arguments from config/CLI input, then executes it with execSync. Because these values are inserted into a shell string, an attacker who can influence .reportrc.json or arguments may inject shell metacharacters or command substitutions and achieve arbitrary command execution.

VirusTotal

64/64 vendors flagged this skill as clean.
