ClawHub

Daily Movie

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed movie and TV recommendation helper with optional user-triggered daily push scheduling, and I found no evidence of hidden exfiltration, credential theft, or destructive behavior.

Install only if you want a movie/TV recommendation skill that can also set up daily pushes. Do not enable pushes unless you intend to receive scheduled messages on the selected channel, and use the documented off command to remove the cron jobs when you no longer want reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill advertises a simple recommendation function, but the documentation reveals operational capabilities to enable scheduled push delivery, manage user-specific settings, and route notifications across external channels. This expands the trust boundary from passive content generation to stateful user tracking and outbound messaging, which can lead to unauthorized notifications, silent persistence, or data handling the user did not clearly consent to.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
Push-management commands in a skill presented as a recommendation tool introduce hidden state-changing behavior that can affect users outside the immediate interaction. Even without code execution shown here, the documented ability to turn pushes on or off for a user implies scheduled tasks and user configuration management that deserve stricter disclosure and access controls.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Very broad Chinese keywords such as generic movie and TV terms increase the chance that the skill is invoked in situations where the user did not intend to activate it. Unintended invocation can expose recommendation logic, trigger downstream features, or interfere with routing to more appropriate skills.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Generic English triggers like 'what to watch', 'best movies', and 'TV show' are common conversational phrases that may appear in many contexts, making accidental activation more likely. Because this skill also appears to include push-related behavior, overbroad triggering increases the risk of invoking a more capable skill than the user expects.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The usage guidance describes activation through broad, natural phrases without clear boundaries, which can cause ambiguous routing and unintended skill execution. Ambiguity is more concerning here because the skill documentation suggests behavior beyond simple recommendations, including scheduled delivery management.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal