ClawHub

Silver Daily

Security checks across malware telemetry and agentic risk

Overview

This appears to be a news-report skill whose web searches, script-based HTML generation, and local output file are consistent with its purpose, with transparency improvements recommended.

Install this only if you are comfortable with it performing web searches for news and saving an HTML report locally. Treat its pension-related coverage as general public information, not personal account support or financial advice, and prefer explicit prompts that specify when to search and where to save the report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, yet its workflow includes reading local templates and writing an output HTML file, creating a mismatch between stated and actual capabilities. This can mislead users and reviewers about what the skill is allowed to do, reducing oversight and making unauthorized file access or persistence easier to hide.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The workflow instructs execution of a local Python script through a shell-style command, which introduces code-execution behavior beyond simple news retrieval and summarization. Even if the script path is fixed, invoking local scripts expands the attack surface through script tampering, unsafe dependencies, or unintended host-side effects.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The content framework explicitly includes '个人养老金账户动态' while the skill metadata says the skill is NOT for querying personal pension accounts. This creates scope ambiguity that can cause the agent to answer disallowed pension-account-related requests or handle regulated financial topics beyond its intended boundary, increasing the risk of misleading financial guidance or accidental processing of sensitive personal-finance requests.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad natural-language requests such as asking what new silver-economy news exists today, which can overlap with ordinary conversation and cause the skill to activate unexpectedly. In a skill that performs web aggregation and generates output, accidental invocation can lead to unintended browsing, irrelevant responses, and user confusion even if it does not directly enable code execution.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The documentation states that the skill aggregates news via web_search and includes links and summaries, but it does not clearly disclose to users that external network retrieval will occur. This weakens transparency and informed consent, and in some environments unexpected outbound search behavior may create privacy, compliance, or policy concerns.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs saving an HTML report to disk without clearly warning the user or obtaining consent for local file creation. Silent persistence can surprise users, leak potentially sensitive browsing-derived content into shared environments, and normalize file-writing behavior in a skill that appears to be a simple content-generation assistant.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal