ClawHub

Dailynewsreport

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its news-brief purpose, but its Telegram delivery is implemented in a way that could let malformed settings run unintended commands.

Review before installing. The skill’s core behavior is understandable, but Telegram sending should be changed to a native HTTP client or argument-safe spawn/execFile with strict token and chat ID validation. Install only after dependency cleanup and only if you are comfortable sending generated news reports and links to Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code uses child_process.exec to build and execute a shell command containing botToken, chatId, and message text. Even though the message body is URL-encoded, botToken and chatId are interpolated directly into the shell command, so attacker-controlled or malformed configuration values can lead to shell injection or unintended command execution; using a shell here also unnecessarily expands the attack surface for a simple HTTP API call.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports pushing generated news briefs to Telegram, which transmits collected and transformed content to an external third-party service. Without an explicit user-facing notice, consent model, or data-handling constraints, operators may unintentionally exfiltrate scraped content, internal focus topics, or sensitive monitoring outputs outside the local environment.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"axios": "^1.6.0",
    "cheerio": "^1.0.0",
    "node-cron": "^3.0.3",
    "crypto": "^1.0.1"
  },
  "devDependencies": {
    "@types/node": "^20.0.0",
Confidence
93% confidence
Finding
"crypto": "^1.0.1"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
axios==1.6.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal