Eir Daily Content Curator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed news-curation tool that searches the web, stores local workflow data, and optionally connects to Eir to publish generated summaries.

Install only if you are comfortable with web search/crawl requests and, in Eir mode, posting generated summaries plus source metadata to Eir. Keep personalization disabled unless you want USER.md context used in prompts, and protect config/eir.json because it contains a bearer token.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill exercises sensitive capabilities including environment-variable access, local file read/write, and network access, yet it does not declare permissions or present them transparently up front. That increases the risk of users or orchestrators invoking it without understanding that it will persist data locally and communicate with external services.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The advertised behavior emphasizes daily news curation, but the skill also performs account pairing, credential storage, API synchronization, persistent state management, and posting content back to an external platform. This mismatch can mislead users into granting trust or providing inputs they would not provide if the full external integration and persistence behavior were clearly disclosed.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The script persists a long-lived API key in a local JSON file without setting restrictive file permissions or using a secret store. If another local user, process, backup system, or accidental commit exposes config/eir.json, the credential could be reused to access the remote account or associated data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description and setup guidance do not prominently warn that user interests, fetched content, generated content, and possibly delivery metadata may be sent to third-party services such as search providers and Eir. In a content-curation skill, external transmission is expected to some degree, but the absence of explicit disclosure makes the data flow less transparent and therefore riskier.

Missing User Warnings

Medium
Confidence: 90%
Finding
The module sends user-provided search queries and browse URLs to a third-party search service via HTTP requests, which creates a real privacy and data-handling risk if users are not clearly informed and have not consented. In a content-curation skill, queries may reflect user interests, profile-derived preferences, or sensitive topics, so undisclosed external transmission can expose personal data beyond the local system boundary.

Missing User Warnings

Medium
Confidence: 92%
Finding
When personalization is enabled, the code reads the entire USER.md profile and embeds it into each generated task as reader_context. In this skill, tasks are later consumed by downstream content-generation agents and likely persisted to disk, which creates an unnecessary propagation channel for private user data and increases the chance of disclosure through prompts, logs, task files, or model output.

Ssd 3

Medium
Confidence: 95%
Finding
The code injects free-form reader profile text into every task bundle, creating a prompt-level data flow from local user files into downstream LLM processing. Because this is a news-curation/content-generation skill, that context can be surfaced in generated summaries, included in task artifacts, or leaked through later integrations, making the skill context more dangerous rather than less.

VirusTotal

No VirusTotal findings