Security audit

Daily History

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent daily-history generator with opt-in local push scheduling, but users should be aware of its twice-daily notification behavior and its broad history-related trigger keywords.

Install only if you want bilingual EN/CN history cards and are comfortable with optional scheduled pushes. If enabling push, confirm the userId, channel, timezone, and morning/evening times, and use the documented off command to remove scheduled jobs. Consider narrowing trigger keywords or requiring explicit invocation if your agent router auto-activates skills from generic history requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The skill's declared purpose centers on generating a daily history timeline card, but the documentation also introduces push scheduling, user-specific state, multiple delivery channels, and evening notifications that are not clearly disclosed in the top-level description. This mismatch can mislead users and reviewers about the actual capability and data-handling surface, reducing informed consent and making hidden side effects more likely.

Description-Behavior Mismatch
Severity: Medium
Confidence: 87%
Finding: The skill documentation expands from simple content generation into notification management and multi-channel delivery, which materially changes the trust and privacy profile of the skill. Even without obviously malicious code, undisclosed operational features can cause users to enable recurring outbound actions they did not expect.

Intent-Code Divergence
Severity: Low
Confidence: 82%
Finding: The manifest advertises a daily morning push, while the documented commands support twice-daily delivery with evening scheduling. This inconsistency is less severe than hidden code execution, but it still undermines transparency and can lead to unexpected recurring notifications.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The keyword list includes very broad phrases such as 'today in history', 'historical events', and common Chinese equivalents that can plausibly match ordinary user requests outside an explicit skill invocation. In an agent/router environment, this increases the chance of over-triggering the skill, causing unintended activation, context hijacking, or surprising behavior when users did not specifically opt into this skill.

Natural-Language Policy Violations
Severity: Medium
Confidence: 83%
Finding: The README repeatedly mandates bilingual EN/CN output as a default behavior without indicating user preference, locale detection, or opt-in. While not a classic security flaw, this can create prompt-scope and policy issues in agent systems by forcing unnecessary output transformation, increasing token usage, and overriding user intent or downstream formatting expectations.

Vague Triggers
Severity: Medium
Confidence: 78%
Finding: The generic keyword trigger '历史' is broad enough to match many ordinary history-related requests unrelated to this date-specific timeline skill. Overbroad triggers can cause accidental activation, unexpected web searches, or content generation when the user intended a different history task.

Vague Triggers
Severity: Medium
Confidence: 75%
Finding: The keyword 'world history' is ambiguous and can capture broad educational or research queries outside the skill's narrow date-based purpose. This raises the chance of unintended activation and confusing behavior, especially since the skill performs web lookup and produces a formatted artifact rather than general history assistance.

Vague Triggers
Severity: Medium
Confidence: 75%
Finding: The keyword 'China history' is broad and not specific to a daily timeline card, so it may intercept requests about general Chinese history. In context, this is mainly a scope/activation problem rather than a direct exploit, but it can still cause user confusion and unnecessary data fetches.

Natural-Language Policy Violations
Severity: Medium
Confidence: 72%
Finding: Mandating bilingual English/Chinese output without indicating user choice imposes a language policy that may not match user expectations or privacy preferences. While not a classic security bug, it can create consent and usability issues, especially if content is pushed automatically to external channels.

Natural-Language Policy Violations
Severity: Medium
Confidence: 72%
Finding: The content instructions force every event description to be bilingual, which hard-codes language behavior without an opt-in mechanism. In a push-enabled skill, that can increase the mismatch between what users expect to receive and what is actually delivered.

VirusTotal

54/54 vendors flagged this skill as clean.