Tech Radar Daily

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its daily tech-radar purpose, but it includes an under-documented Feishu chat-listing helper that can use app credentials to read organization chat metadata.

Install only if you are comfortable with the skill fetching public tech sources, saving local cache/report/log files, and sending the generated digest to your Feishu webhook during normal runs. Review or remove scripts/test-feishu-chat.js unless you explicitly intend to provide Feishu app credentials and list Feishu chats. Use a least-privilege GitHub token and only configure a proxy you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares environment variables and executable binaries, and its documented actions invoke Node scripts that perform networked collection and webhook delivery, but it does not present an explicit permissions model for those capabilities. This weakens user consent and review because a user may not realize the skill can access env-provided secrets, make outbound requests, and execute shell-like commands through the runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior does not match the observed capabilities: it omits reading Feishu chat metadata, local persistence of logs/history, and extra collection sources, while also overstating some implemented sources. This is dangerous because hidden data collection or storage broadens the trust boundary and can expose operational metadata or retained content beyond what the user consented to.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill does mention a Feishu webhook in configuration, but it does not provide a prominent warning that a normal run will transmit collected content externally by default. This can lead to accidental data egress, especially if users test with real feeds, internal notes, or enriched logs and assume the run is local-only, when in practice transmission is suppressed only if --test is used.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code automatically routes all outbound requests through a proxy defined by environment variables and may attach a GitHub token to API requests, but it provides no validation, restriction, or disclosure of where traffic and credentials are sent. In an agent or automation environment, a malicious or misconfigured proxy can observe metadata and potentially receive authenticated requests, increasing credential exposure and traffic interception risk.

VirusTotal

65/65 vendors flagged this skill as clean.
