ai-news-daily-v1.0.4

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI news fetcher that uses expected network, translation, and local storage behavior, with some documentation and consent rough edges.

Install only if you want a daily AI news workflow that fetches public articles, stores article data locally, and may send text to translation providers. Review config/config.yaml before running, use a virtual environment, avoid private sources, and delete the data directory if you want to remove stored articles and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill documentation describes installation and execution steps that clearly imply network access, local file/database writes, environment-variable use, and reading configuration, yet no permissions are declared. This weakens user consent and platform enforcement because the skill can access external services and persist data without an explicit capability declaration.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The advertised behavior understates important data-handling and outbound-communication actions: persistent storage of raw articles, use of external translation services, and reading Telegram/Discord credentials beyond the stated OpenClaw push flow. Users may authorize or install the skill without understanding where content is sent, what is stored, or which credentials may be accessed, creating privacy and trust risks.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The install/run instructions state that executing the skill will automatically create a scheduled task and push messages into the current conversation, but this side effect is not presented as a prominent warning requiring prior consent. Automatic recurring actions can surprise users, create spam/noise in conversations, and persist beyond the initial run if the user does not realize a cron job was installed.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill sends article content to external translation providers and stores original content locally, but the documentation does not present this as a privacy-relevant warning. Even if the content is news, transmitted and stored data may include copyrighted text, tracking URLs, or user-configured sources, and users should be told before third-party sharing and retention occur.

Vague Triggers

Medium
Confidence: 90%
Finding:
The configuration enables automatic push behavior by default (`auto_push: true`) and the skill description says it also creates a scheduled task automatically. That combination can cause unattended outbound delivery of generated content without a fresh user action each run, increasing the risk of unexpected data transmission or spam if feeds, summaries, or destinations are misconfigured.

Missing User Warnings

Medium
Confidence: 88%
Finding:
Outbound pushing is enabled in the OpenClaw section without an explicit in-file warning that content will be transmitted automatically to another surface (`target: webchat`). In this skill's context, automatic daily collection, summarization, and pushing make silent external transmission more significant because users may not realize fetched content is being propagated on a schedule.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The module transmits text to external translation services without any explicit notice, consent, or privacy guardrails. If the text contains sensitive content from feeds, prompts, or operator-provided data, that content is disclosed to third-party providers, which may violate user expectations or policy requirements.

VirusTotal

64/64 vendors flagged this skill as clean.
