ClawHub

Daily Ai News Skill 0.1.0

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI news briefing helper that fetches public web articles and summarizes them, with no evidence of hidden execution, persistence, credential use, or local data access.

Install this if you want an agent to browse public AI news sources and web search results for current briefings. Be aware it may activate on broad AI-update wording and perform extra web fetching, so phrase requests narrowly when you want a conceptual answer rather than a news roundup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description is broad enough to match many ordinary requests about AI, causing the skill to trigger in situations where the user may not actually want a news-aggregation workflow. Over-broad triggering can lead to unintended tool use, unnecessary external fetching, and scope hijacking from a more appropriate skill or direct answer path.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The usage guidance includes ambiguous conditions like 'wanting to know what's happening in AI' and 'AI industry news, trends, or breakthroughs,' which are not tightly scoped to a news briefing task. This increases the chance of accidental activation on broad conversational prompts, potentially causing unnecessary browsing and making the assistant more susceptible to workflow misrouting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal