Kb Collector

Security checks across malware telemetry and agentic risk

Overview

This Obsidian collection skill mostly matches its stated purpose, but one digest script can email local vault-derived content to a hard-coded external address unless the user edits it first.

Review and edit the scripts before installing or running. Replace all George-specific vault paths, author names, and email recipients; do not use --send or the cron example until the recipient, Gmail/gog authorization, and Tavily API key are intentionally configured. Treat fetched web pages and transcripts as untrusted content saved into your vault.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities to read/write files, access the network, and invoke shell commands, but it declares no permissions. That creates a transparency and consent problem: users and hosting platforms cannot accurately assess or gate what the skill is allowed to do, increasing the chance of unexpected data access, outbound requests, or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The documented purpose focuses on collecting and summarizing content for Obsidian, but the behavior includes additional actions such as sending email digests, running automated research, and using extra external services. This mismatch is dangerous because users may approve the skill for a narrow note-taking task without realizing it can continuously collect external data and transmit results via email or third-party APIs.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill describes collecting content but does not clearly warn that fetched pages, transcripts, and notes are written into the user's Obsidian vault. Without that disclosure, users may unintentionally persist untrusted or sensitive content locally, potentially overriding organizational expectations about what is stored in the vault.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The nightly research and digest sections describe external source collection and email sending but do not provide a clear privacy or data-transmission warning. This is risky because automated jobs may regularly send summaries or collected content to external services or recipients without users fully understanding what data leaves their environment and on what schedule.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
In URL mode, the script retrieves arbitrary remote content from a user-supplied URL and writes that content directly into the Obsidian vault. In the context of an agent skill that may be triggered with untrusted inputs, this creates a real risk of SSRF-like internal network access via the fetch tool and persistent storage of hostile or misleading content without validation or warning.

VirusTotal

64/64 vendors flagged this skill as clean.
