News Briefing

Security checks across malware telemetry and agentic risk

Overview

The skill has a clear news-to-Feishu purpose, but it needs review because user-supplied topics are placed into shell commands while API and Feishu credentials are available.

Review this version before installing in any environment with valuable local access or real API keys. Use least-privilege Feishu credentials, avoid sensitive topics, do not let untrusted text become a topic/title, and enable cron only deliberately. The safer fix is to replace shell-string execSync calls with spawn/execFile argument arrays or native fetch calls before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script builds a shell command string with user-controlled values such as topic, title-like content, and other flags, then executes it with execSync. Quoting alone is not a safe boundary for shell construction; crafted input can break argument parsing or trigger command injection, which is especially risky because this skill is supposed to fetch and summarize news, not execute arbitrary shell content.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad, conversational, and likely to collide with ordinary user requests about current events, causing the skill to activate in situations where the user may not expect an external web search and Feishu delivery workflow. Because the skill can send results to a recipient and relies on external APIs, accidental invocation increases the chance of unintended data disclosure, unnecessary API usage, or surprise outbound actions.

Vague Triggers

Medium
Confidence: 86%
Finding
Advertising one-sentence activation for arbitrary topics without constraints encourages the agent to treat many natural-language requests as eligible for this skill, which can blur the boundary between normal conversation and tool execution. In this skill's context, that is risky because execution involves external search providers, optional AI analysis, and message delivery to Feishu, all of which create side effects beyond simple chat responses.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill documentation does not clearly warn users that content may be sent to a Feishu recipient and that external services and API credentials are involved in generating the briefing. Without this disclosure, users may unknowingly trigger data flows to third parties or a default/open_id recipient, which is especially concerning for sensitive queries, private interests, or internal monitoring topics.

VirusTotal

63/63 vendors flagged this skill as clean.
