News Digest

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate news-digest workflow, but its scheduled runner loads broad .env files as shell code before starting OpenClaw, which deserves review before use.

Install only if you are comfortable with scheduled agent runs. Prefer a dedicated .env containing only TAVILY_API_KEY and XPOZ_API_KEY, avoid relying on ~/.env, review any cron entries before enabling them, and be aware that manage-config.mjs reset overwrites the saved schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script automatically sources the first existing .env from several locations, including broad user-home paths, and does so with Bash `source`, which executes shell content rather than safely parsing key/value pairs. In a cron context this widens trust boundaries unnecessarily for a news-digest scheduler: a modified or malicious .env can inject commands, override environment variables, or load unrelated secrets into the process.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The `reset` command immediately overwrites the existing configuration with defaults, which can destroy user-defined schedules, topics, and preferences if invoked accidentally or through automation with the wrong arguments. In a config-management CLI, destructive actions should require explicit confirmation or a force flag because the consequence is data loss, even if this is not a code-execution issue.

Credential Access

High
Category
Privilege Escalation
Content
# --- Load .env ---
ENV_CANDIDATES=(
  "$HOME/.openclaw/workspace/.env"
  "$SKILL_ROOT/.env"
  "$HOME/.env"
)
Confidence
82% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
# --- Load .env ---
ENV_CANDIDATES=(
  "$HOME/.openclaw/workspace/.env"
  "$SKILL_ROOT/.env"
  "$HOME/.env"
)
Confidence
66% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
ENV_CANDIDATES=(
  "$HOME/.openclaw/workspace/.env"
  "$SKILL_ROOT/.env"
  "$HOME/.env"
)

ENV_LOADED=""
Confidence
84% confidence
Finding
.env"

VirusTotal

66/66 vendors flagged this skill as clean.
