Daily Morning Meeting

Security checks across malware telemetry and agentic risk

Overview

This daily briefing skill appears purpose-aligned, but it automatically sends generated files to a CEO and uses broad shell-based commands without clear approval or permission boundaries.

Review before installing. Use it only if you explicitly want automated CEO briefings, verify the recipient configuration, and prefer a draft or approval mode before messages and attachments are sent. The shell-command implementation should be tightened before use in a sensitive workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # 7. Send the briefing to the CEO
    try:
        send_cmd = f'openclaw tool call message --action send --target "{CONFIG["receiver"]}" --message "【每日早会简报 {today}】请查收今日最新资讯汇总。" --media "{full_path}"'
        subprocess.run(send_cmd, shell=True, capture_output=True, text=True)
        print("简报已成功发送给CEO")
    except Exception as e:
        print(f"发送简报失败: {str(e)}")
Confidence
96% confidence
Finding
subprocess.run(send_cmd, shell=True, capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    for query in search_queries:
        try:
            cmd = f'openclaw tool call web_search --query "{query}" --count {CONFIG["search_count"]}'
            result = subprocess.run(cmd, shell=True, capture_output=True, text=True, encoding="utf-8")
            if result.returncode == 0:
                search_data = json.loads(result.stdout)
                all_news.extend(search_data.get("results", []))
Confidence
97% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, encoding="utf-8")

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises autonomous execution and includes a manual command invoking a local Python script, while static analysis detected shell and file-write capabilities without any declared permissions. This creates a trust and containment gap: a user or platform may allow the skill to run without realizing it can execute commands or modify files, which is especially risky for a scheduled, automated workflow.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
For a news-briefing skill, spawning arbitrary shell commands is broader capability than functionally necessary. This increases blast radius: if the command string is altered or the environment is compromised, the skill can execute unintended OS-level actions rather than just performing a search.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The report-delivery step also relies on shell-based subprocess execution, giving the skill unnecessary OS command capability for a routine send operation. In context, this is more dangerous because the step sends data externally, so command abuse can be paired with unauthorized exfiltration or misuse of messaging targets.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill automatically generates and sends a briefing to the CEO, but the description does not clearly warn users that content will be transmitted outward without a final approval step. In this context, automated outbound messaging can leak inaccurate, sensitive, or manipulated information to a high-value recipient, making the omission materially security-relevant.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill writes a file to a user workspace and automatically sends it to the CEO without user warning, approval, or review. Autonomous file creation plus outbound messaging can leak unexpected content, propagate manipulated search results, or send sensitive local-path attachments without human validation.

VirusTotal

65/65 vendors flagged this skill as clean.
