Jiajiaoy Morning

Security checks across malware telemetry and agentic risk

Overview

This daily briefing skill does what it advertises, but it ships a real user profile and uses broad persistent scheduling and personal-data access that need review before install.

Review before installing. Remove the bundled 8603011439 user data, require an explicit userId instead of the default, inspect the 11 dependency skills, and register cron jobs only after confirming the recipient, schedule, stored data location, and deletion process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The documentation exposes a specific user's identifier, name, city, channel, and subscription state in plain text. Even if included as an example, publishing real user profile and delivery metadata is unnecessary for functionality and creates avoidable privacy and targeting risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The script accesses `../../yunshi/data/profiles` to read a user's 八字 profile from another skill's data store, which creates cross-skill data access and weakens isolation boundaries. Even if used for a related feature, this can expose sensitive personal profile data to a separate skill without explicit consent checks or a formal permission boundary.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly stores personal configuration data such as userId, name, city, and channel recipient identifiers, but provides no privacy notice, retention guidance, or access-control expectations. This increases the chance of mishandling personal data and leaves users unaware of what is being stored locally.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill instructs the agent to register scheduled outbound messages automatically, but does not prominently warn about the operational and privacy implications of recurring automated delivery. In a messaging skill, silent or poorly disclosed auto-subscription can lead to unwanted notifications, spam complaints, or misuse of delivery channels.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The script reads sensitive personalized fortune-profile data and prints it into generated prompt content, which may be logged, forwarded to other agents, or exposed to downstream LLM providers. Because 八字 data can be treated as personal profile information, emitting it without an explicit privacy notice, minimization, or consent gate increases privacy leakage risk.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
Including a real user's identifying and delivery configuration details directly in the skill file discloses personal and operational metadata to anyone who can read the repository or package. Because this is a notification skill, those details also reveal messaging endpoints and usage patterns, making the exposure more sensitive in context.

VirusTotal

63/63 vendors flagged this skill as clean.
