ZenQuote

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed quote skill with optional scheduled Telegram delivery, but users should only run setup if they want recurring messages.

Install this only if you want a shell-based ZenQuotes.io helper. Do not run the setup command unless you want recurring Telegram quote delivery; verify the chat ID and account ID first, and inspect or remove the generated ~/.openclaw/cron/zenquote-daily-*.json file if you no longer want daily messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The skill description emphasizes fetching quotes, but the documented setup flow also configures scheduled outbound delivery using chat/account context and filesystem-backed cron setup. That hidden operational behavior matters because it establishes persistence and outbound actions on behalf of the user, which can surprise users and expand risk beyond a simple quote lookup skill.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The skill’s stated purpose is quote retrieval, but it also writes persistent local cron-job configuration that enables automated outbound messaging. This expands the skill’s capability beyond the declared scope, increasing the risk of unexpected persistence and message automation to third-party destinations without clear user consent or visibility.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding:
The script can generate Telegram-targeted agentTurn payloads that automate sending messages to a supplied chat ID, which is a messaging capability not inherently necessary for fetching quotes. In a skill context, this creates a channel for unsolicited or misdirected outbound communication if a user provides or is tricked into providing an unintended destination.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The README advertises image download and cron-based automated delivery but does not clearly warn users that these actions modify the local system by writing files and installing scheduled tasks. That omission can cause users to invoke setup commands without understanding persistence, background execution, or filesystem side effects, which is a meaningful security and transparency issue for an agent skill.

Missing User Warnings

Medium
Confidence: 94%
Finding:
Automated cron-based setup without a clear warning that it will alter the user's crontab or local scheduler creates an undisclosed persistence mechanism. Even if intended for convenience, silent scheduler modification can lead to unexpected recurring execution, privacy issues, and difficulty diagnosing or removing the behavior later.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding:
Hard-coding the timezone to Asia/Taipei causes scheduled automation to run at a time the user may not expect, which is risky when the skill performs persistent outbound messaging. In this context, incorrect timing can lead to accidental message delivery, confusion, or unintended repeated notifications rather than direct compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
