aiinsight-daily-new

Security checks across malware telemetry and agentic risk

Overview

This RSS helper is mostly purpose-aligned, but it needs review because it can automatically post to configured webhooks, expose webhook tokens in logs, and has unsafe input handling that could run unintended code.

Install only if you intend this skill to contact the RSS source and any webhook URLs you configure. Keep AI_DAILY_WEBHOOKS unset unless you want push delivery, use only trusted webhook endpoints, avoid exposing command logs, and prefer a fixed version that masks webhook URLs, validates inputs safely, and declares its Python/feedparser dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The script description states it only fetches RSS content, but the embedded Python also transmits the fetched result to arbitrary webhook URLs from the AI_DAILY_WEBHOOKS environment variable. This mismatch reduces operator awareness and can cause unintended exfiltration of fetched data to third-party endpoints, especially in an agent/automation context where environment-provided webhooks may be preconfigured.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly supports pushing fetched content to multiple webhooks but does not warn users that retrieved content will be transmitted to external endpoints. In agent environments, this creates a data-flow risk because users may enable push destinations without understanding that content and possibly metadata are sent outside the local trust boundary.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script automatically posts fetched content to all URLs listed in AI_DAILY_WEBHOOKS with no prior warning, consent prompt, or destination validation. In a skill setting, this is more dangerous because secrets or organization-controlled webhook endpoints may already exist in the environment, so running a seemingly read-only fetch operation can unexpectedly send data outside the local execution boundary.

VirusTotal

64/64 vendors flagged this skill as clean.
