AI Daily Latest Developments Digest (AI每日最新进展日报)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed AI-news digest skill that saves local Markdown reports, with some activation-scope caveats but no evidence of hidden or harmful behavior.

Install only if you want the skill to create dated digest files under your OpenClaw workspace. For scheduled runs, use a very explicit prompt or skill name to avoid collisions with other summary skills, and periodically clean up old digest files if the workspace is shared or synced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to capture many ordinary requests about AI news or summaries, which can cause the skill to activate when the user did not explicitly intend to run this specific workflow. Because the skill performs multi-source collection and writes an output file, overbroad activation increases the chance of unintended tool use and side effects.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The README states that the skill will create a file under the user's workspace, but does not clearly warn users up front that invoking the skill modifies the filesystem. This can lead to unexpected persistent side effects, especially if the skill is auto-triggered by broad phrases or cron jobs.

Vague Triggers

High
Confidence
85% confidence
Finding
Using generic cron keywords like “日报”, “digest”, or “brief” makes scheduled activation ambiguous and prone to collisions with other summarization workflows. In multi-skill environments, this can cause the wrong skill to run automatically and perform network-heavy collection and local file creation unexpectedly.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Using generic cron keywords like “日报”, “digest”, or “brief” makes scheduled activation ambiguous and prone to collisions with other summarization workflows. In multi-skill environments, this can cause the wrong skill to run automatically and perform network-heavy collection and local file creation unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to write Markdown files into the user's workspace and optionally update an index, but this side effect is not prominently disclosed as a consent boundary. A user could invoke what sounds like a summary task without realizing it will persist files locally, which is risky in automation contexts and shared environments.

Session Persistence

Medium
Category
Rogue Agent
Content
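- **Main file**: `~/.openclaw/workspace/digests/YYYY-MM-DD.md`
- **Same-day re-run**: append the suffix `-v2`, `-v3` rather than overwriting.
- **When the directory does not exist**: run `mkdir -p` first.
- **Index** (optional feature): once generation is complete, update `~/.openclaw/workspace/digests/INDEX.md`, adding a line at the top, `- YYYY-MM-DD: [link to today's file] — title of today's top story no. 1`, as navigation.

## Cron scheduled task configuration (user side)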
Confidence
82% confidence
Finding
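mkdir -p` first. - **Index** (optional feature): once generation is complete, update `~/.openclaw/workspace/digests/INDEX.md`, adding a line at the top, `- YYYY-MM-DD: [link to today's file] — title of today's top story no. 1`, as navigation. ## Cron scheduled task configuration (user side) This skill itself is only a description of "how to do it"; **the "run automatically every day" part has to be separately, on the OpenClaw side,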

VirusTotal

66/66 vendors flagged this skill as clean.
