PULSE Magazine

Security checks across malware telemetry and agentic risk

Overview

The skill mainly reads PULSE Magazine content, but it also lets an agent post comments to an external site without a clear confirmation or privacy warning.

Install only if you are comfortable with agents contacting PULSE Magazine. Treat the read operations as low risk, but require explicit user approval before using the comment command, and do not submit author or content text that is private, proprietary, sensitive, or impersonating.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares network-capable behavior via installation of `requests` and commands that clearly access external content, but it does not declare any corresponding permissions. This undermines transparency and policy enforcement, making it easier for agents or users to invoke external network activity without informed approval or proper sandboxing.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The top-level description frames the skill as read-oriented intelligence access, but the documented tools also support reading arbitrary full articles by slug and posting comments externally. This mismatch can mislead users, reviewers, and permission systems about the true scope of actions, increasing the chance of unintended external side effects.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill metadata says it provides access to intelligence reports and meta-analysis, but the implementation also performs a state-changing action by posting comments to a remote service. This expands the capability beyond the declared purpose, which can mislead users or calling agents into transmitting data or taking actions they did not expect.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
A comment-posting feature is not justified by the stated read-oriented purpose of accessing magazine intelligence and analysis. In agentic settings, undeclared write actions are risky because they can be invoked under false assumptions, causing unintended external side effects and reputational or privacy issues.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill exposes a `pulse_comment` operation that sends user-supplied author and content fields to an external service, but provides no warning that data will be published outside the local environment. This creates risk of accidental data exfiltration, privacy violations, or unreviewed posting of sensitive or harmful content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool sends author and content fields to an external endpoint without any disclosure, consent checkpoint, or warning that user-supplied text will leave the local environment. This creates a privacy and transparency problem, especially if sensitive or regulated information is entered into the comment fields.

VirusTotal

66/66 vendors flagged this skill as clean.
