ClawHub

daily-editor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for making curated A4 PDF daily briefs, with optional user-requested scheduling and no hidden code or credential use.

Install this if you want an editorial-style daily PDF brief. For recurring delivery, confirm the schedule, timezone, output folder, preview step, and how to disable the scheduler; for simple one-off summaries, use a more general summarization workflow so this skill does not over-format the result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill metadata description includes a very broad set of trigger phrases such as 'daily brief', 'printable digest', and generic topic groupings, which can overlap with many normal summarization or formatting requests. This can cause the skill to activate in situations where the user did not intend to invoke a PDF-newsletter workflow, increasing the chance of prompt hijacking of benign requests and inappropriate tool or workflow selection.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The '何时使用' section defines activation using open-ended, high-level user intents without specifying exclusion conditions, so many ordinary requests for summaries, recaps, grouped notes, or shareable writeups could match. In a multi-skill agent, ambiguous routing can result in this skill taking over unrelated tasks, leading to unintended file generation, scheduling behavior, or transformation of user content into a more authoritative-looking deliverable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal