ClawHub

Iran Intelligence Radar (Persian X Monitor)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its OSINT monitoring purpose, but it can automatically send scan results to external alert channels with limited consent and data-handling safeguards.

Review before installing. Use it only if you are comfortable with configured X/search, translation, billing, and alert providers receiving relevant scan data. Disable Telegram/slack/webhook alerts by default until you set known destinations, keep bot tokens out of source-controlled config, and treat daily briefing summaries as potentially static unless the publisher fixes them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill sends Telegram alerts as a side effect of running a scan, creating an outbound communication channel beyond returning results to the caller. Because this occurs automatically and is not conditioned on explicit per-run consent in this file, scan contents and escalation metadata could be disclosed to external recipients without the user's awareness.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The briefing presents hard-coded 'AI Summary' text as if it were derived from the collected history, but it ignores the actual recent data entirely. In an intelligence-oriented skill, this can mislead users into acting on fabricated or stale conclusions, especially because the surrounding sections are data-driven and make the summaries appear trustworthy.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises automatic Telegram and operational alerting but does not clearly warn users that monitored content may be transmitted to external services. In an OSINT workflow handling potentially sensitive intelligence content, silent outbound sharing can create privacy, compliance, and operational security risks.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README states that each scan triggers billing, but the invocation examples and run instructions do not present a clear warning at the point of use that executing a scan incurs charges. This can lead to unexpected costs and weak user consent around paid actions.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill description presents translation into English, Arabic, and Chinese as a default behavior without indicating user choice or consent. Automatic translation can expose content to additional processing pipelines, create data handling concerns, and produce outputs in languages the user did not request.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
The daily briefing promises an English and Chinese summary without documenting any user language preference or opt-in. While lower severity than alert exfiltration, it still reflects unnecessary processing and possible data sharing beyond the user's expected locale.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic Telegram alerts, which implies outbound transmission of monitored content to a third-party service, but it does not clearly warn users that data may leave the local/agent environment. In an intelligence-monitoring context, this increases the risk of accidental disclosure of sensitive queries, monitored accounts, translated content, or escalation assessments to external recipients.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Referencing Telegram bot tokens and chat IDs in configuration without any credential-handling guidance creates a real risk that operators will store secrets insecurely or expose them through logs, repos, or generated reports. Because the skill also supports outbound messaging, compromised credentials could enable unauthorized message delivery, monitoring of alert traffic, or abuse of the bot/channel integration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The prompt instructs the agent to automatically send Telegram alerts when a score threshold is met, but it does not require explicit user consent, disclosure, or confirmation before transmitting data to an external service. This creates a real privacy and data-governance risk because tweet links, monitoring targets, and inferred intelligence context may be exfiltrated outside the current system without the user's awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Telegram alerts are triggered without any user-facing disclosure in the execution path, so users may believe the skill only generates a report while it also transmits data externally. Hidden outbound messaging is risky because monitored content, trends, or escalation scores may contain sensitive intelligence or user-associated operational context.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The alert message forwards author and link fields to external channels with no minimization, validation, or access-control checks in this code path. If rows contain personal or sensitive identifiers, this can leak data to unintended recipients, especially because channels are caller-supplied and exceptions are silently ignored, reducing visibility into misuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The configuration enables multiple outbound alerting channels (Telegram, Slack, webhook) and includes translator/search tooling that may forward monitored content to external services, but there is no indication of user consent, warning, redaction policy, or data handling constraints. In an OSINT monitoring skill focused on sensitive geopolitical content, this increases the risk of unintentionally transmitting collected posts, metadata, or derived intelligence to third-party platforms.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml
requests
python-dateutil
Confidence
95% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml
requests
python-dateutil
Confidence
89% confidence
Finding
python-dateutil

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal