ClawHub
Back to skill

Security audit

Industry Daily Brief

Security checks across malware telemetry and agentic risk

Overview

This skill openly generates daily briefs and can deliver them to configured external channels, including public GitHub Pages, but those actions match its stated purpose.

Install this only if you want an agent to create brief files and, when configured, send them outside your workspace. Keep channel credentials in environment variables or a secret store, enable only the delivery targets you intend to use, and treat GitHub Pages output as public internet publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill's high-level description understates its delivery and publication capabilities: it can send content through multiple webhooks, SMTP, bot APIs, and publish to GitHub Pages, potentially making data exfiltration or unintended public disclosure easier than a user would expect. Because it also supports reconfiguration for arbitrary domains and automated pushing, a user may invoke it for drafting while not realizing it can transmit generated or workspace-derived content externally.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script can create a new public GitHub repository and configure it automatically. In the context of an agent skill, this is a material side effect beyond simple content generation or delivery and can expose organizational naming, metadata, and future content to a public location if invoked without clear user consent.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script uploads the generated report as index.html and archive pages, then enables GitHub Pages, making the content publicly accessible on the internet. For a briefing workflow, this is dangerous if reports may contain proprietary, paid, internal, or sensitive business intelligence, because publication is automatic and public by default.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal