Smart Journal Monitor(RSS+AI)

Security checks across malware telemetry and agentic risk

Overview

This is a small local article-scoring helper with overstated RSS/AI wording but no evidence of hidden network access, persistence, credential use, or destructive behavior.

Install this only if you want a local Python helper that ranks article records from a JSON file. Do not expect live RSS polling, AI summarization, scheduled alerts, or journal fetching from this version, and only provide article files you are comfortable allowing the script to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding:
The skill advertises executable behavior and local file access but does not declare permissions, which weakens reviewability and can cause the runtime or a human operator to underestimate what the skill can read. In an agent setting, undeclared file-read capability increases the chance of unintended access to workspace files or sensitive local inputs passed through the workflow.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The documented purpose is generic and governance-oriented, while the described behavior includes concrete article scoring, local JSON ingestion, and monitoring logic that materially changes what the skill does. Description-behavior mismatch is dangerous because users, orchestrators, and security reviewers may authorize the skill for one bounded purpose while it actually performs broader data processing and decision-making.

Description-Behavior Mismatch

Severity: Medium
Confidence: 81%
Finding:
The manifest and opening documentation frame the skill as a bounded evidence-insight workflow, but the body presents it as an RSS-based personalized journal monitoring system. This inconsistency can mislead routing and safety decisions, causing the skill to be invoked in contexts where networked content ingestion or broader monitoring behavior was not expected.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The risk table states there are no external API calls, yet the skill is explicitly described as RSS-based monitoring, which normally requires outbound network retrieval. Misstating network behavior is dangerous because defenders may permit the skill under incorrect assumptions, missing controls for exfiltration, untrusted content ingestion, or network sandboxing.

Vague Triggers

Severity: Medium
Confidence: 72%
Finding:
Broad, underspecified invocation guidance increases the likelihood that the skill will be selected for requests outside its safe and intended scope. In an agent environment, ambiguous routing can expose unrelated files, trigger unnecessary code execution, or cause users to rely on outputs from a tool that is not appropriate for the task.

VirusTotal

64/64 vendors flagged this skill as clean.