team-quality-daily-report

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it reuses a live browser login to capture and replay dashboard API requests and can run on a schedule while storing internal report data locally.

Install only if you are authorized to access the configured dashboard and API. Use a dedicated low-privilege browser profile or service account, inspect `config.json` before running, run it manually before enabling cron, and protect or periodically delete the generated JSON and Markdown files because they may contain sensitive team or business metrics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The function inspects browser traffic and parses raw POST bodies from requests matching a configured API, then reuses that captured payload for later API calls. For a skill whose stated purpose is generating a team quality report, this behavior can unintentionally collect session-scoped or user-specific request data without clear minimization, making it more dangerous than a normal reporting workflow.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Registering a request listener to capture POST data is a network-interception capability that can expose sensitive business parameters or session-derived data from a logged-in browser session. In the context of a reporting skill, this is not inherently malicious, but it creates unnecessary access to data beyond what is needed if a direct API client or supported export mechanism exists.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly states the skill connects to an existing Chrome browser and reuses the current login session to access reports. That creates account-scope and privacy risk because the automation may inherit broad authenticated access and perform data collection without clearly warning users about what accounts, sessions, or data will be used.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README describes automatic capture of report data and storage of daily JSON/Markdown files under a user home directory, but provides no guidance on handling potentially sensitive business metrics. This can lead to silent accumulation of sensitive operational data in predictable local paths, increasing exposure to other local users, backups, or accidental sharing.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill states that it saves daily JSON and Markdown reports under a local path, but it does not warn users about persistent local writes or retention of potentially sensitive team-quality data. This can lead to unintentional data exposure on shared machines, backups, or subsequent runs that reuse historical files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented workflow captures XHR API request payloads from a dashboard and replays API calls after modifying the time range, but the skill description does not disclose the privacy and security implications. Captured requests may contain auth headers, session-bound parameters, internal endpoints, or sensitive business metrics, so replaying them without an explicit warning can expose confidential data or exceed user expectations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The captured request payload may contain sensitive filters, account identifiers, tenant metadata, or other session-bound request content, yet the code provides no notice, consent, or masking before collecting it. Because the skill relies on an already logged-in browser, the captured data may reflect privileged access and could be reused in ways the user did not expect.

Session Persistence

Medium
Category
Rogue Agent
Content
Automatically generate the daily report every day via cron:

```bash
crontab -e
```

Add:
Confidence
76% confidence
Finding
crontab -e

VirusTotal

60/60 vendors flagged this skill as clean.
