news-scout Trending News Aggregation Brief

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public news feeds and Bing News results to create Chinese AI and investment news briefs, with no hidden credential use, persistence, or destructive behavior found.

Install only if you want the agent to fetch current public news from third-party RSS feeds and Bing News. Use a virtual environment, install only feedparser and requests for this version, and treat fetched article text as untrusted source content that should be summarized rather than followed as instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill's declared behavior materially overpromises and underdescribes what it actually does, including external search/retrieval and the lack of implemented ranking, categorization, and impact-analysis logic. This is dangerous because users and orchestrators may trust the skill to produce curated, policy-constrained output when it may instead return raw externally sourced content with weaker filtering, increasing misinformation and unexpected data-flow risk.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The changelog explicitly states a Chinese-only output requirement, which can override or constrain the user's preferred language without consent. In a news aggregation skill, this is mainly a policy/UX safety issue rather than a direct security exploit, but it can degrade accessibility, mislead users about available language choices, and conflict with higher-priority user instructions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples in the integration section are broad everyday phrases like “新闻简报” and “今日新闻,” which can easily overlap with normal conversation and cause unintended activation of the skill. Because this skill performs network retrieval and may automatically fetch external content, accidental invocation can lead to surprising outbound requests, unnecessary data exposure about user interests, and execution of behavior the user did not explicitly intend.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README describes automated collection and analysis of news but does not clearly warn users that the skill performs live network access, RSS fetching, and external search queries. In an agent environment, lack of disclosure is risky because users may not realize their request will trigger outbound connections to third-party services, which can affect privacy, consent, and operational expectations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger keywords are broad everyday terms such as '新闻' and '简报', which can cause the skill to activate unintentionally in ordinary conversation. In a skill that performs external retrieval and scripting, overbroad activation increases the chance of surprise network access, irrelevant execution, and accidental disclosure of user intent to external services.

VirusTotal

62/62 vendors flagged this skill as clean.
