Hotnews Excel

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly an Excel hot-news summarizer, but it asks for daily background processing and persistent storage without enough user control or scoping.

Review before installing. Use it only if you trust the local /workspace/scripts/read_hotnews.py script that will be executed, are comfortable with uploaded Excel contents being saved under /workspace/data, and explicitly want any cron-based daily processing. Disable or omit the cron step unless recurring background processing is intentional, and delete generated JSON/log files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The manifest description says only that the skill will process a hot-news Excel file, but the body also specifies summarization, JSON persistence under /workspace/data, and classified output generation. This mismatch can mislead users or downstream systems about data handling and side effects, reducing informed consent and making unintended file writes more likely.

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The skill documentation introduces a cron job that performs autonomous scheduled processing, which goes beyond the user-triggered behavior described in the metadata. That materially changes the trust model: the skill is no longer passive file handling, but persistent automation that can read, process, and write data on a recurring basis without an explicit user action each time.

Vague Triggers

Medium (91% confidence)
Finding
The trigger keywords include broad everyday terms such as 'skill', '优化', '数据', and 'data', which are likely to match unrelated conversations and cause unintended activation. In a skill that reads files and writes output artifacts, overbroad invocation increases the chance of unauthorized or surprising processing of user content.

Missing User Warnings

Medium (93% confidence)
Finding
The skill writes parsed content to /workspace/data/hotnews_YYYY-MM-DD.json, but the user-facing description does not clearly warn that workspace files will be created or overwritten. Hidden persistence is dangerous because it can expose sensitive spreadsheet contents to later processes, retain data longer than expected, and surprise users with side effects on shared storage.

VirusTotal

66/66 vendors flagged this skill as clean.
