botlearn-rss-manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent RSS manager skill; its main risks are expected RSS behavior such as fetching feed URLs and updating feed state, not hidden or malicious behavior.

Install this if you want RSS/Atom feed management and digest generation. Subscribe only to feed URLs you trust; avoid URLs that point at private networks or localhost, since the agent fetches them on your behalf and could reach internal services; and watch for feed URL changes after redirects, because a 301 can repoint a subscription to a different host. The publisher could improve safety by narrowing the trigger phrases and by requiring confirmation or validation before persisting feed-source changes (redirect-driven URL updates and removal of feeds that return 410).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger list contains generic terms like "rss," "feed," and especially "digest," which are common in ordinary conversations and can cause the skill to activate outside the user's intent. Over-broad activation increases the chance that this skill intercepts unrelated requests, leading to incorrect routing, unintended data processing, or reduced reliability of the wider agent system.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation logic says to activate whenever the user requests RSS feed management, digest generation, or feed subscription, but it does not define exclusion conditions or require strong evidence that the user wants this specific skill. Because terms like "digest" and "subscribe" are broadly used across many domains, the skill may activate in contexts unrelated to RSS, creating unintended tool selection and potentially unsafe or confusing behavior.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The strategy directs the agent to make external HTTP requests to all subscribed feeds and to automatically persist redirected URLs after a 301 response, but it does not require explicit user consent or even notification before performing those network and state-changing actions. In an agent context, this can expose user IP/network metadata to third-party feed hosts and can silently alter persisted configuration, which becomes more dangerous because feed URLs are untrusted inputs and redirects can repoint subscriptions to attacker-controlled endpoints.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The strategy instructs the system to mark a feed as dead and remove it from active polling after an HTTP 410 response, but this is a destructive persistent state change performed without a clear user confirmation or recovery path. A malicious or transiently misconfigured server could trigger removal, causing silent loss of monitoring coverage and potentially deleting user-intended subscriptions from the active set.

VirusTotal

64/64 vendors flagged this skill as clean.
