Ai Daily Briefing

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only daily briefing skill whose main risk is that it summarizes private task, meeting, memory, and calendar information by design.

Install only if you are comfortable with the agent reading and summarizing your to-do list, recent meeting notes, memory/profile files, and connected calendar. Use explicit prompts such as "daily briefing" in shared workspaces, and verify the platform does not grant unrelated crypto or purchase permissions from the mismatched metadata tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are broad enough to match ordinary conversation such as 'what do I need to know?' or 'what's today look like?', which can cause the skill to activate when the user did not explicitly request workspace/calendar synthesis. In this skill, unintended activation is more dangerous because activation prompts the agent to gather data from todo files, meeting notes, memory files, and calendar sources, potentially surfacing sensitive information unexpectedly.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the AI to read `todo.md`, recent meeting notes, memory files, and calendar data without any user-facing notice, consent step, or scope limitation. This creates a privacy risk because a simple briefing request can aggregate and expose sensitive business or personal information from multiple sources into a single response, especially when combined with the broad trigger phrases elsewhere in the skill.

Vague Triggers

Medium
Confidence: 92%
Finding
The documented trigger phrases are broad, natural-language expressions like "start my day" and "give me the rundown" that can plausibly occur in ordinary conversation. In voice or chat-driven agent systems, this increases the chance of accidental invocation, causing the skill to surface calendar, overdue-task, or meeting-derived context when the user did not explicitly intend to run it. Because this skill aggregates potentially sensitive productivity data, accidental activation is more dangerous than it would be for a harmless informational skill.

Missing User Warnings

Medium
Confidence: 88%
Finding
The quick-start text says meeting-derived action items "automatically populate your to-do list" without any visible warning, consent flow, or explanation of what data is accessed and whether records are created or modified. This can mislead users about cross-skill data sharing and background modification of task data, creating privacy and integrity risks if meeting content is ingested or transformed without explicit user awareness. In a briefing skill that combines meetings, tasks, and calendar data, silent automation increases the risk of exposing or propagating sensitive information across systems.

VirusTotal

64/64 vendors flagged this skill as clean.
