ClawHub

Blog to Kindle

Security checks across malware telemetry and agentic risk

Overview

The skill broadly matches its purpose, but it can email generated files through the user’s Mail app to a built-in personal Kindle address, so it needs review before use.

Review this skill before installing. Remove the built-in Kindle email address, require your own recipient every time, and confirm the exact file and destination before any send. Use it locally for fetching and EPUB generation first, and only enable Mail.app/AppleScript delivery if you are comfortable with the skill sending attachments from your email account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises operational behavior that clearly requires filesystem, network, shell, and likely email-automation capabilities, but it does not declare permissions. This weakens user consent and platform enforcement because a user cannot accurately assess what resources the skill will access before use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior is materially inconsistent with the actual or implied implementation: it hardcodes a default recipient email, relies on Mail.app/AppleScript for delivery, overstates supported sites, and claims AI cover generation that is delegated externally. Description-behavior mismatches are dangerous because they obscure data flows and side effects, especially outbound transmission of user-generated or scraped content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs sending generated EPUBs to a Kindle email address without a clear warning that content will leave the local environment via email. This creates privacy and compliance risk because scraped or compiled content may be transmitted to third-party infrastructure without sufficiently explicit user awareness.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
Embedding a specific person's Kindle email address as the default recipient can cause unintended exfiltration of documents to the wrong party. In this skill's context, the risk is elevated because the workflow culminates in automatic email delivery, making accidental transmission plausible even during normal use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow includes automated emailing of the generated EPUB off-system without an explicit warning or confirmation about external transmission. That creates a risk of unintentionally sending sensitive compiled content to a third-party service or the wrong destination, especially because the AppleScript example includes a concrete recipient address.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal