News Source Manager (信息源管理器)

Security checks across malware telemetry and agentic risk

Overview

This skill only manages a local news preferences file and does not show hidden code, credential use, or unsafe automation.

Install this if you want OpenClaw to remember news categories and preferred sources for related news skills. Review proposed changes before confirming, especially when removing categories or changing source lists.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The activation guidance is broad enough that this skill could be invoked for generic preference-management requests rather than only for explicit news-source configuration. That increases the chance of inappropriate skill routing, unnecessary access to user preference files, or unintended writes to news-sources.json when another skill or a simple conversational response would have been more appropriate.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal