Daily News Collector

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate news-digest purpose, but it tells an AI to automatically set up recurring background jobs and an API key without enough user approval or cleanup detail.

Install only if you intentionally want unattended daily automation. Before enabling it, confirm the exact cron entries, the file location for weekly reports, the destination chat and who can see it, where TAVILY_API_KEY will be stored, and the exact steps to pause or delete the jobs and revoke the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Low (89% confidence)
Finding
The skill explicitly instructs creation and modification of a local weekly markdown file as part of an automated cron workflow, but it does not warn the user that scheduled runs will persist data to disk. In an agent setting, undisclosed file writes can surprise users, overwrite expected state, or create unintended retention of collected content even if the file target is fairly constrained.

Missing User Warnings

Low (83% confidence)
Finding
The skill describes automatically pushing collected content to chat on a schedule without warning that external or semi-public distribution may occur. Even though the content is news-oriented and likely low sensitivity, automated posting can still leak unintended material, create spam, or expose the existence and timing of internal workflows if the chat destination is not clearly defined.

Missing User Warnings

Medium (92% confidence)
Finding
The guide explicitly tells the AI to configure an API key as an environment variable and install unattended cron jobs, but it does not require explicit user confirmation, explain persistence, or warn about credential exposure and background execution. In an agent setting, this can lead to unauthorized system changes, long-lived secret storage, and recurring automated actions that the user may not fully understand or notice.

Missing User Warnings

Medium (94% confidence)
Finding
The OpenClaw-specific instructions directly tell the AI to create cron jobs automatically, normalizing persistent system modification without a safety checkpoint or disclosure. This is dangerous because scheduled tasks can continue executing indefinitely, consume resources, send data unexpectedly, or be repurposed by a compromised workflow once installed.

VirusTotal

63/63 vendors flagged this skill as clean.
