ClawHub

Website Content Scraped into Obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can use logged-in browser sessions and create recurring sync jobs, so users should review its scope before installing.

Install only if you want social content saved into your Obsidian vault and are comfortable with bb-browser using your logged-in browser sessions. Configure a narrow account list, avoid bookmarks/notifications unless explicitly needed, run a dry run first, inspect any cron entry before enabling scheduled sync, and know how to disable it later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes capabilities that include shell execution, network access, environment use, and file writes, but it does not declare permissions or warn the user about those operations. This creates a transparency and consent gap: users may invoke the skill without realizing it can install software, access network resources, and write data into local vaults.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The documentation explicitly advertises access to personal bookmarks and notifications, which are privacy-sensitive areas beyond the skill's stated purpose of tracking user-specified accounts and syncing social content to Obsidian. In this skill context, normalizing those commands without warnings or scope restrictions increases the chance that an agent could collect private account data the user did not intend to sync.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The documentation includes home timeline and following-feed style commands such as Weibo feed, Bilibili feed, and Xueqiu feed, which exceed the manifest's described model of manually specified accounts to track. In an automation/sync skill, that broader collection scope makes over-collection more likely and can capture unrelated, personalized content from the user's account context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scheduled sync feature states that the agent will create a cron job, which is a persistent system configuration change, but it does not require an explicit warning or confirmation. Persistent background execution can continue collecting and writing data after the user forgets about it, increasing privacy and operational risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The description says the skill fetches social media content and saves it to Obsidian, but it does not clearly foreground the privacy implication that potentially sensitive third-party content and account tracking data will be stored locally in the user's vault. In context, this matters because the vault may be synced, indexed, backed up, or shared, expanding exposure beyond the immediate machine.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Bookmarks and notifications are highly privacy-sensitive because they may reveal the user's interests, private workflow, and account activity, yet the documentation presents them alongside ordinary fetch commands without any warning or consent boundary. Given this skill saves content into Obsidian, silent use of these commands could persist sensitive personal data locally or into synced vaults without clear user awareness.

Session Persistence

Medium
Category
Rogue Agent
Content
> "Sync every morning at 9am" or "Sync every Monday at 8am"

The agent will create a cron job that runs in isolated mode with incremental sync — no duplicates.

---
Confidence
88% confidence
Finding
create a cron job that

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal