Clawfeed Digest

Security checks across malware telemetry and agentic risk

Overview

The digest fetcher is straightforward, but the package also promotes broad Obsidian/OpenClaw syncing, third-party plugin or binary installation, background startup, and note deletion without enough safeguards.

Install only if you are comfortable with the Obsidian integration guidance, not just the digest fetcher. Prefer running the fetch script against a narrow dedicated output folder, keep backups, avoid whole-vault bidirectional sync or note deletion commands unless explicitly intended, and verify any third-party Obsidian plugin or sync-service binary before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding
The skill explicitly states it will automatically write fetched content into a user’s Obsidian directory, but the documentation does not warn that local files will be created or modified. In an agent or scheduled-task context, that can lead to unintended filesystem changes, note pollution, or overwriting content if the output path is misconfigured or assumed implicitly.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The document instructs users to disable Obsidian safe mode and install a third-party plugin through BRAT without any warning, verification guidance, or trust-boundary discussion. This lowers built-in protections and can lead users to execute unreviewed plugin code with access to local notes and files, especially risky because the plugin is tied to syncing data with another workspace.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The documentation explicitly instructs users how to move/rename and delete notes, but it does not warn that these actions are destructive and may cause irreversible data loss or break links/workflows. In a skill intended to manipulate a live Obsidian vault, omission of safety guidance increases the chance that an agent or user will perform harmful file operations without confirmation or backup.
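A guarded alternative to the raw move/delete this finding describes, as an added example (not the Clawfeed Digest skill's own code): before a note is removed, the vault is scanned for other notes that link to it by [[wikilink]], the caller must confirm when such links exist, and the note is moved into a dated .trash folder inside the vault rather than unlinked, so the operation is reversible. The vault layout (Markdown notes, Obsidian-style [[Note]] links) and the constructed sample notes are assumptions.

```python
"""Added example, not the skill's own code: guarded soft-delete for vault notes.
Assumes .md notes and Obsidian-style [[Note]] / [[Note|alias]] links."""
import re
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# [[Target]], [[Target|alias]] and [[Target#heading]] all resolve to "Target".
WIKILINK = re.compile(r"\[\[([^\]|#]+)(?:[#|][^\]]*)?\]\]")


def inbound_links(vault: Path, note: Path) -> list:
    """Other notes in the vault (outside .trash) that link to `note` by basename."""
    target = note.stem
    hits = []
    for other in vault.rglob("*.md"):
        if other == note or ".trash" in other.parts:
            continue
        text = other.read_text(encoding="utf-8", errors="replace")
        if any(m.strip() == target for m in WIKILINK.findall(text)):
            hits.append(other)
    return sorted(hits)


def soft_delete(vault: Path, note: Path, confirm=lambda links: not links):
    """Move `note` to vault/.trash/<timestamp>/<relative path> instead of deleting it.
    Refuses notes outside the vault. `confirm` receives the inbound links and returns
    True to proceed; the default proceeds only when nothing links to the note.
    Returns the trash path, or None if the caller declined."""
    vault = vault.resolve()
    note = note.resolve()
    rel = note.relative_to(vault)  # raises ValueError if the note is outside the vault
    if ".trash" in rel.parts:
        raise ValueError("note is already in .trash")
    links = inbound_links(vault, note)
    if not confirm(links):
        return None
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = vault / ".trash" / stamp / rel
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(note), str(dest))
    return dest


def demo_run() -> dict:
    """Build a constructed three-note vault in a scratch folder and exercise the guard."""
    with tempfile.TemporaryDirectory() as d:
        vault = Path(d)
        (vault / "Projects").mkdir()
        alpha = vault / "Projects" / "Alpha.md"
        alpha.write_text("# Alpha\n", encoding="utf-8")
        (vault / "Index.md").write_text("See [[Alpha]] and [[Beta|the beta note]].\n", encoding="utf-8")
        (vault / "Orphan.md").write_text("nobody links here\n", encoding="utf-8")

        linked = inbound_links(vault, alpha)
        refused = soft_delete(vault, alpha)                      # default: refuse while linked
        forced = soft_delete(vault, alpha, confirm=lambda _: True)  # explicit confirmation
        orphan = soft_delete(vault, vault / "Orphan.md")         # unlinked: proceeds
        return {
            "alpha_linked_from": [p.name for p in linked],
            "refused_when_linked": refused is None,
            "forced_moved_to_trash": forced is not None and ".trash" in forced.parts and forced.name == "Alpha.md",
            "alpha_gone_from_vault": not alpha.exists(),
            "alpha_content_preserved": forced.read_text(encoding="utf-8") == "# Alpha\n",
            "orphan_moved": orphan is not None,
        }


if __name__ == "__main__":
    for key, value in demo_run().items():
        print(f"{key}: {value!r}")
```

The same pattern applies to a rename: compute the inbound links first and either rewrite them or refuse, so that a move does not leave dangling [[links]]. Because the trash folder lives inside the vault, a bidirectional sync would still propagate the move; exclude .trash from sync, or empty it only after the synced copies have been checked.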

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
The documentation recommends automatic bidirectional sync with another service but gives no warning about overwrite, merge conflict, or propagation of accidental deletions across systems. In the context of note-management tooling, this makes mistakes more dangerous because destructive changes can rapidly spread to all synced copies and become harder to recover.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding
The script writes untrusted remote content directly to a predictable local path and opens files in write mode, which will silently overwrite existing notes with the same generated filename. In this context, the default target is an Obsidian vault directory, so a normal run can unexpectedly modify user content without confirmation, backup, or conflict handling.
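The first and last findings above both come down to how the fetch script writes to disk. The following added example (not the Clawfeed Digest skill's own code) shows the pattern the finding describes, a predictable filename opened in write mode, next to a hardened writer that reduces the untrusted title to one path component, refuses any target outside a dedicated output folder, and creates notes with exclusive open so an existing note is kept and the new one gets a numbered suffix. That the script is Python, that notes are Markdown named after the fetched title, and the constructed sample items are assumptions.

```python
"""Added example, not the skill's own code: contained, non-clobbering note writer.
Assumes a Python fetch script writing Markdown notes named after each item's title."""
import re
import tempfile
from pathlib import Path

# Constructed sample of fetched items; the real script would pull these from a remote feed.
SAMPLE_ITEMS = [
    {"title": "Daily digest", "body": "# Digest\n\n- item one\n"},
    {"title": "../../.obsidian/app.json", "body": "{}"},             # traversal attempt in a title
    {"title": "Daily digest", "body": "# Digest (second fetch)\n"},  # same name as the first item
]


def unsafe_write(output_dir: Path, title: str, body: str) -> Path:
    """The pattern the finding describes: predictable name, 'w' mode. A note with the
    same name is silently replaced, and '../' in a title escapes the folder.
    Kept only as the 'before' for comparison; do not use."""
    path = Path(output_dir) / f"{title}.md"
    with open(path, "w", encoding="utf-8") as f:
        f.write(body)
    return path


def safe_note_name(title: str) -> str:
    """Reduce an untrusted title to one plain path component."""
    name = re.sub(r"[^A-Za-z0-9._ -]+", "_", title).strip(" ._")
    return (name or "untitled")[:80] + ".md"


def resolve_inside(output_dir: Path, name: str) -> Path:
    """Defence in depth: refuse any target whose parent is not the output folder."""
    out = Path(output_dir).resolve()
    target = (out / name).resolve()
    if target.parent != out:
        raise ValueError(f"refusing to write outside {out}: {name!r}")
    return target


def write_note(output_dir: Path, title: str, body: str) -> Path:
    """Create the note with exclusive open ('x'). If the name is taken, use
    'name-2.md', 'name-3.md', ... instead of overwriting. The exclusive open also
    closes the race between an exists-check and the write."""
    base = resolve_inside(output_dir, safe_note_name(title))
    for n in range(1, 1000):
        candidate = base if n == 1 else base.with_name(f"{base.stem}-{n}{base.suffix}")
        try:
            with open(candidate, "x", encoding="utf-8") as f:
                f.write(body)
            return candidate
        except FileExistsError:
            continue
    raise RuntimeError(f"too many notes named {base.name}")


def fetch_to_vault(items, output_dir: Path) -> list:
    """Write every item into output_dir; never touches anything outside it."""
    out = Path(output_dir)
    out.mkdir(parents=True, exist_ok=True)
    return [write_note(out, item["title"], item["body"]) for item in items]


def demo_run() -> dict:
    """Run both writers in a scratch folder and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        out = Path(d)
        unsafe_write(out, "Daily digest", "first")
        unsafe_write(out, "Daily digest", "second")  # clobbers the first run's note
        clobbered = (out / "Daily digest.md").read_text(encoding="utf-8")

        safe_dir = out / "safe"
        written = fetch_to_vault(SAMPLE_ITEMS, safe_dir)
        try:
            resolve_inside(safe_dir, "../escape.md")
            traversal_rejected = False
        except ValueError:
            traversal_rejected = True
        return {
            "unsafe_content_after_two_runs": clobbered,
            "safe_names": [p.name for p in written],
            "all_inside_output_dir": all(p.parent == safe_dir.resolve() for p in written),
            "first_note_kept": (safe_dir / "Daily digest.md").read_text(encoding="utf-8"),
            "traversal_rejected": traversal_rejected,
        }


if __name__ == "__main__":
    for key, value in demo_run().items():
        print(f"{key}: {value!r}")
```

Point the output folder at a dedicated subfolder of the vault rather than the vault root, as the overview recommends, and keep a backup of that folder before scheduled runs; the suffixing keeps every fetch, so an agent that re-runs the script cannot destroy an earlier note, only add beside it.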

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal