ClawHub

RSSHub Route Generator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill fetches user-specified public websites and generates RSSHub route files, which matches its stated purpose.

Install this only if you want an agent to fetch public website pages and generate RSSHub route code. Confirm the output path before writing files, avoid private URLs, and review the generated TypeScript before adding it to an RSSHub project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill auto-activates on any website URL, which is far too broad for a capability that performs deep website analysis and may generate files. This can cause unintended invocation on ordinary browsing/help requests and lead to unexpected network activity, code generation, and downstream filesystem writes without clear user intent.

Vague Triggers

Medium
Confidence
83% confidence
Finding
Several trigger phrases are generic enough to overlap with normal requests about RSS, feeds, or subscriptions, increasing the chance the skill runs when the user did not intend code generation. In this skill's context, mistaken activation is more dangerous because the workflow includes fetching remote content, analyzing sites, and producing route files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs saving generated route files into the working directory without explicit warning, consent, or path-safety constraints. Silent filesystem modification is risky because users may invoke the skill expecting analysis only, while the agent writes code artifacts that could overwrite files, pollute repositories, or be chained with unsafe paths in broader tooling.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal