AI News Tracker

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only AI news tracker that discloses its searches, draft storage, scheduled Feishu sending, and cleanup behavior.

Install this only if you want automated AI news collection and Feishu delivery. Before enabling cron, verify the Feishu recipient, keep unrelated sensitive notes out of MEMORY.md, and decide whether you need retained copies of sent drafts or safer send-confirmation behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Medium (96% confidence)

The skill instructs the agent to read a Feishu user ID from [WORKSPACE]/MEMORY.md at send time, which expands data access beyond what is strictly necessary for news aggregation. Workspace memory often contains unrelated user metadata or prior context, so this creates an avoidable path for overbroad access and possible disclosure or misuse of identity-related data.

Intent-Code Divergence

Medium (79% confidence)

In preparation mode, the skill both writes a draft and mutates state by updating push records and clearing the daily event store before the actual send phase occurs. If the later send step fails or is skipped, the system can lose pending events or incorrectly mark items as handled, causing integrity and availability issues in the notification workflow.

Vague Triggers

Medium (86% confidence)

The trigger phrase includes a broad everyday-language example like asking what AI news happened today, which can overlap with ordinary user conversation and cause the skill to auto-activate unexpectedly. Unintended activation can launch external searches, file writes, and message workflows without sufficiently explicit user intent.

Missing User Warnings

Medium (75% confidence)

The skill specifies automatic deletion of the draft file after sending, but does not describe any user notice, retention policy, or recovery mechanism. This can cause silent data loss, reduce auditability, and make it harder to verify what was sent or recover from partial failures.

VirusTotal

64/64 vendors flagged this skill as clean.
