Media News Digest

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed news-digest automation skill, but users should review its delivery settings, archive cleanup, and a few rough edges before relying on it.

Install only if you are comfortable with a skill that fetches public web/social content, can use optional API keys, and can send digests to configured Discord or email destinations. Before scheduling it, verify the recipient channel/email, use a dedicated archive directory, provide only the API keys needed, and disable or correct the unverified Twitter sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 75%
Finding: A description-behavior mismatch is a real security concern because operators may grant trust and permissions based on the published scope, while the implementation reportedly supports additional ingestion paths and operational features not disclosed in the description. Hidden or under-documented behaviors such as GitHub ingestion or mismatched output channels can weaken review quality, mask data-flow expansion, and lead to overbroad execution in automated environments.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README explicitly promises that the bot will automatically install, configure, schedule, and push messages to Discord or email on the user's behalf, but it does not clearly warn that this enables outbound posting to external services. In an agent skill context, this matters because users may trigger broad automation through natural-language installation commands without understanding the scope of external actions, increasing the risk of unintended notifications, data leakage, or spam.

Natural-Language Policy Violations

Severity: Medium
Confidence: 89%
Finding: The configured Twitter handle "Aboringtwat" is derogatory and does not match the claimed Screen Daily source, indicating poor source validation and possible collection from an unrelated or impersonating account. In a news-digest pipeline, this can poison downstream summaries, spread misinformation, and create reputational or compliance issues if hostile content is ingested and redistributed automatically.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding: The handle "kaboringtwat" is offensive and inconsistent with the stated journalist identity, strongly suggesting a bogus or unverified source entry. Because this skill aggregates and republishes content, an attacker or careless maintainer could cause ingestion of misleading, abusive, or maliciously crafted posts that contaminate the digest output and erode trust.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The template instructs deletion of archive files older than 90 days without requiring confirmation, visibility, or a clearly bounded deletion mechanism. In a skill that operates on workspace paths supplied via placeholders, this can cause unintended data loss if the archive path is misconfigured, expanded incorrectly, or points to shared directories.

VirusTotal

66/66 vendors flagged this skill as clean.