Rss Content Flow

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage and fetch RSS feeds, storing only feed configuration locally; broader save/publish claims should be treated as optional integrations that need user confirmation.

Install only if you want an RSS feed helper. Review and edit the feed list before use, avoid adding private or internal URLs unless you intend the agent to fetch them, and require explicit confirmation before any separate Feishu save or social publishing tool is invoked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read a local config file, write or modify subscription state via management scripts, and perform network requests to arbitrary RSS URLs, but it declares no permissions or trust boundaries. This creates a capability mismatch that can lead to unintended file access or outbound requests being executed without clear user awareness or platform enforcement.

Vague Triggers

Medium
Confidence
93% confidence
Finding
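Trigger phrases such as "RSS 订阅" and "我需要内容灵感" are overly broad and can easily be matched by mistake in ordinary conversation, causing the skill to start without the user's explicit authorization. Because the skill can subsequently fetch external content, generate drafts, and hand off to save/publish workflows, a false trigger expands into risks of unnecessary data access, external requests, or content operations.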

Missing User Warnings

Medium
Confidence
95% confidence
Finding
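The documentation states that the skill can "write to Feishu documents or directly call publishing tools", but it does not explain that these are operations that modify the state of external systems, nor does it indicate that user confirmation is required. Combined with automated workflows or a false trigger, this could cause unreviewed content to be saved, overwritten, or published to external platforms, resulting in information leakage, brand damage, or the spread of erroneous information.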

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrase '帮我找今天的选题' is broad enough to overlap with ordinary conversation and could cause the skill to activate when the user did not specifically intend to invoke it. Because activation leads to local file reads and network fetching, accidental invocation increases the chance of unintended data access and external requests.

VirusTotal

65/65 vendors flagged this skill as clean.
