YoudaoNote News

Security checks across malware telemetry and agentic risk

Overview

This skill broadly matches its news-briefing purpose, but it needs review because it handles private Youdao note data with broad triggers, external searches, and insecure temporary files.

Install only if you are comfortable granting access to recent favorite Youdao notes and letting derived interests be sent to configured search providers. Avoid enabling the daily schedule unless you want recurring background briefs, and prefer a version that uses secure temporary files and narrower activation phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill claims to analyze favorite Youdao notes and push relevant news, but the documented workflow also sends derived user-interest queries to third-party search providers and relies on external tools not clearly disclosed in the user-facing purpose. That mismatch matters because note-derived topics can reveal sensitive interests, and users may not expect their note content to influence outbound searches or scheduled automation.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger list includes broad everyday phrases such as '生成', '最近关注', '每日简报', and similar conversational language that can match ordinary user requests unintentionally. In a skill that reads favorite notes, performs web searches, and may manage cron jobs, accidental invocation can expose user-interest data externally or cause unwanted automation changes.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script writes recent favorite note data, including note titles and truncated content, to a predictable file in /tmp. Even though the filename includes the PID and is deleted on exit, the file may still be readable by other local processes or remain on disk if the script crashes or is interrupted before cleanup, exposing sensitive user note content.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends the user's search query to an external web search service through `mcporter call open-websearch.search`, which discloses user-derived content over the network. In this skill's context, queries are based on collected notes and interests, so the transmitted text may reveal sensitive personal topics without any explicit notice, consent, minimization, or filtering in the script.

VirusTotal

53/53 vendors flagged this skill as clean.
