Cn Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill transparently generates local Chinese work reports from local work logs and saves them locally, with no evidence of network exfiltration, deletion, credential use, or hidden behavior.

Install this only if you are comfortable with it reading your local OpenClaw memory/work-log files and saving summarized reports under ~/reports. Review generated reports before sharing them, because they may contain sensitive work details, and be aware that rerunning a daily or weekly report can replace the existing markdown file for that date or week.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly describes reading local files (`MEMORY.md`, `memory/YYYY-MM-DD.md`, `memory/in_progress.md`) and writing generated reports to `~/reports/...`, yet no permissions or user-consent model are declared. This is dangerous because it enables filesystem access and persistent writes without transparent authorization boundaries, increasing the risk of unintended data exposure or modification.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented behavior does not fully and accurately describe what the skill does, including writing to the user's home directory and consuming additional sources such as `in_progress.md`. Behavior-description mismatches are risky because users may invoke the skill under incomplete assumptions, leading to unexpected file access, persistence, or data handling.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are generic natural-language requests like '帮我生成今天的日报', which can overlap with ordinary conversation and cause accidental activation. When a skill performs filesystem reads and writes, broad invocation patterns increase the likelihood of unintended execution and unauthorized file creation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that it saves output to files under `~/reports/...` but does not clearly warn users that invoking it will create or modify files automatically. Silent file creation is dangerous because it can surprise users, overwrite existing notes, or persist sensitive summaries derived from internal work logs.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger keywords are broad, common phrases such as '生成日报' and '写周报', which can match many ordinary user requests beyond a narrowly scoped reporting workflow. This can cause the skill to activate unexpectedly, increasing the chance it handles unintended inputs, accesses unrelated context, or overrides a more appropriate skill.

VirusTotal

65/65 vendors flagged this skill as clean.
