Rss Ai Reader

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for an RSS summarizer that uses AI and messaging services, but users should review the linked code and protect their credentials before running it.

Before installing, review the referenced GitHub repository and requirements, prefer a pinned commit for regular use, store secrets in environment variables, use least-privilege bot/webhook/app-password credentials, test with --once first, and only configure feeds whose contents you are comfortable sending to the selected AI and notification services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding:
The trigger phrases are broad enough to match many ordinary requests such as subscribing, monitoring a site, or pushing daily news, which can cause the skill to activate when the user did not specifically intend to use this external RSS/LLM/push workflow. In this skill's context, unintended activation is more dangerous because it can initiate network fetching and send content to third-party LLM or notification services without sufficiently explicit user confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The description advertises fetching feeds, generating summaries with Claude/OpenAI, and pushing results to Feishu/Telegram/Email, but it does not clearly warn users that article content, feed metadata, or generated summaries may be transmitted to external services. This creates a meaningful privacy and data-handling risk, especially if users monitor internal, sensitive, or personally identifying sources and do not realize that third parties will receive the data.

VirusTotal

64/64 vendors flagged this skill as clean.
