ClawHub

Setup Obsidian Arxiv Daily

Security checks across malware telemetry and agentic risk

Overview

This is a bounded Obsidian arXiv digest installer whose file changes, network use, credential use, and optional scheduling are coherent with its stated purpose.

Install only into the intended Obsidian Vault. Review config.yaml before scheduling: set summary_enabled to false or unset DEEPSEEK_API_KEY if you do not want paper metadata and abstracts sent to DeepSeek. Register the scheduled task only if you want daily background runs, and inspect any existing task before using Force.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill describes capabilities to read environment variables, access and modify files in an Obsidian vault, invoke shell/PowerShell commands, and potentially perform network operations, but it declares no explicit permissions or trust boundaries. This creates a real security issue because an agent may execute powerful actions without clear user-visible authorization, increasing the chance of unintended file changes, task registration, or credential exposure during installation and scheduling flows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When summarization is enabled, the code sends paper title, field, authors, and full abstract to the external DeepSeek API. This is a real privacy/data-handling issue because the transfer happens automatically in code without any explicit consent flow, warning, or data-minimization step here, so users may disclose unpublished, proprietary, or sensitive reading interests to a third party unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal