news-content

Security checks across malware telemetry and agentic risk

Overview

The skill does the advertised remote news extraction, but it disables HTTPS certificate checks while sending an API key and user-supplied URL to a backend service.

Review before installing. Use only with news URLs and an EasyAlpha API key you are comfortable sending to the configured backend, and avoid private, internal, or credential-bearing URLs. Prefer a version that restores normal HTTPS certificate validation before using real credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill declares environment-variable requirements but does not declare corresponding permissions, reducing transparency about its access to sensitive configuration such as API keys and service endpoints. This can mislead users and reviewers about the skill's actual capabilities and trust boundary, especially because it performs authenticated remote operations.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The documented behavior indicates the skill sends user-supplied URLs and an authentication token to an external server, while also noting SSL/TLS certificate verification is disabled. Disabling certificate validation enables man-in-the-middle interception of requests and secrets, and the description underplays the privacy and integrity risks of off-system transmission.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The script explicitly sets `rejectUnauthorized: false`, which disables TLS certificate validation and allows man-in-the-middle interception or impersonation of the remote API server. Because this request carries an API key in the `Authorization` header and sends user-supplied URLs to a third-party endpoint, the trust bypass materially increases the risk of credential theft, response tampering, and silent exfiltration.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README describes privacy protection in a misleadingly reassuring way while failing to clearly disclose that user-supplied news URLs and extraction requests are transmitted to a third-party remote backend. This can cause users to unknowingly send sensitive or internal URLs, which is a real security and privacy risk in an agent skill because agents may automatically invoke the tool on user content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The usage instructions describe authenticated requests to a remote API but provide no warning that the user-supplied URL and associated metadata are transmitted off-system. This creates a privacy and trust issue because users may assume local extraction when in fact their inputs are sent to a third-party service.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill sends the user-provided news URL and the API key to a remote server, but the code provides no explicit disclosure or consent mechanism to warn users that their input is being transmitted off-host. In this skill's context, remote extraction is expected, which reduces suspicion, but the combination of third-party transmission plus disabled TLS verification makes the disclosure gap more operationally risky.

VirusTotal

64/64 vendors flagged this skill as clean.
