柯南周报 (Conan Weekly Report)

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose: it searches public Conan news, saves a local report, and can optionally send that generated report to a user-configured webhook.

Install this only if you want a skill that performs public web searches and writes generated report files. Leave REPORT_WEBHOOK_URL unset unless you trust the destination, because enabling it sends the generated report to that endpoint; use HTTPS and avoid internal or untrusted webhook URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The documentation indicates the skill uses environment-related capabilities and real networked behavior, but no permissions are declared. Undeclared capabilities reduce transparency and can bypass user expectations or platform review controls, especially for a scheduled skill that runs automatically.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a Conan weekly report generator, but static analysis indicates it also sends reports to external webhooks and writes files locally. This description-behavior mismatch is dangerous because hidden exfiltration or persistence behaviors can leak user data, search results, tokens, or system-derived content without informed consent.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The changelog claims support for webhook pushing and local report storage, while the main skill description does not present these as active behaviors. Security-relevant functionality hidden in release notes instead of core documentation increases the chance that reviewers and users miss outbound data flows or local persistence.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill's stated purpose is to collect and organize Conan updates, but the code also transmits the generated report to a webhook URL supplied via an environment variable. That creates an undocumented outbound data-transfer channel, which can be abused to exfiltrate collected content or route data to an untrusted third party if the environment is controlled by someone else.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Reading REPORT_WEBHOOK_URL from the environment enables arbitrary outbound delivery without any validation of where the data is sent. In agent or hosted environments, environment variables are often externally managed, so this creates a flexible exfiltration path that exceeds the narrowly described search-and-report behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises webhook delivery of generated reports to an external endpoint but does not clearly warn that report contents will leave the local environment. In an agent/automation context, users may enable this feature without understanding that collected content, metadata, or future expanded report contents could be exfiltrated to a third party.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "node index.js"
  },
  "dependencies": {
    "node-fetch": "^2.7.0"
  },
  "devDependencies": {
    "clawhub": "^0.7.0"
Confidence
88% confidence
Finding
"node-fetch": "^2.7.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"node-fetch": "^2.7.0"
  },
  "devDependencies": {
    "clawhub": "^0.7.0"
  }
}
Confidence
80% confidence
Finding
"clawhub": "^0.7.0"

VirusTotal

66/66 vendors flagged this skill as clean.
