ClawHub

Daily Idiom

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed daily Chinese idiom tool with optional scheduled pushes, and I found no hidden credential use, exfiltration, or destructive behavior.

Installers should understand that enabling this skill's push feature creates scheduled morning and evening jobs and stores per-user push preferences locally. Only enable pushes for user IDs and external channels you control, and use the documented off command to remove scheduled delivery when no longer wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is presented as a simple educational idiom feature, but the documentation also advertises push-management capabilities that affect user state, scheduling, and external delivery channels. That mismatch matters because users and reviewers may not expect background notifications, per-user config changes, or outbound messaging integrations from the stated purpose, increasing the chance of unauthorized or insufficiently consented behavior.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The documentation exposes operational commands for enabling recurring pushes and selecting channels, which expands the skill beyond passive content delivery into account/configuration management. If this is not clearly surfaced in the skill's primary interface and consent model, it can lead to unexpected notifications, privacy concerns, and misuse of external messaging channels.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad terms like 'idiom', 'learn Chinese', and related variants, which can cause the skill to activate in conversations where the user did not intend to invoke it. Over-broad invocation can lead to confusing behavior, accidental execution of push-related flows, or unintended collection/use of user context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal