Claw RSS Feed Radar

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed personal news/RSS recommendation wrapper whose sensitive behavior is expected for its purpose, but users should treat generated JSON and optional publishing as privacy-sensitive.

Install only if you are comfortable letting it read your clawsqlite interest data, call configured embedding/LLM services, fetch article fulltext, and write XML/JSON outputs. Keep output directories private by default, review JSON sidecars before publishing, and avoid enabling git publishing unless the target repository and credentials are intentionally scoped for public feed hosting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 71%
Finding
The skill is presented as a personal news-radar tool, but it also exposes `schedule_from_sources_json`, which broadens behavior beyond simple retrieval into filesystem-driven batch operations. That capability expansion increases the chance of unintended file access, automation misuse, or hidden side effects, especially because untrusted callers can supply `sources_file` and `root` values that are forwarded directly to the upstream CLI.

Missing User Warnings

Medium
Confidence: 72%
Finding
The skill states it can generate bilingual bodies and write JSON sidecars containing full debug information, including fulltext, and may publish generated feeds to a git-backed Pages site. Without an explicit warning and safeguards, this can expose scraped article content, derived summaries, reading-interest inferences, and potentially copyrighted or sensitive material to local disk, logs, or public repositories.

VirusTotal

65/65 vendors flagged this skill as clean.
