Security audit

Morning Briefing Litiao

Security checks across malware telemetry and agentic risk

Overview

This morning-briefing skill is mostly purpose-aligned, but it under-discloses sensitive Notion credential use and possible vault storage of private task data.

Install only if you are comfortable with the skill reading reminders, using a Notion API key from ~/.config/notion/api_key, querying the configured Notion database, and possibly saving the resulting briefing to an unspecified vault. Use a narrowly scoped Notion token and confirm where any vault note will be written before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script reads a local Notion API key from disk and performs an authenticated query to an external service, which expands its privilege and data-access surface beyond simple local briefing generation. In an agent-skill context, undisclosed secret access plus outbound network access is risky because it can expose task data or be repurposed to access user resources without explicit consent or scope limitation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README uses generic phrases like "Morning briefing" and "Daily report" as invocation examples without clear trigger constraints or namespacing. Broad, everyday utterances increase the chance of accidental or unintended activation, which is more concerning here because the skill appears to chain actions across reminders, Notion queries, and vault note creation, potentially causing unintended data access or writes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently loads a bearer token from ~/.config/notion/api_key and transmits it in an authenticated HTTPS request without notifying the user at runtime. Even if the token is only sent to Notion, this is sensitive credential use and can surprise users or violate least-privilege expectations in an automation skill.

External Transmission

Medium
Category
Data Exfiltration
Content
#!/bin/bash\nset -e\n\ndate=${1:-$(date +%Y-%m-%d)}\nnotion_db=${NOTION_TASKS_DB:-}\n\ncat << EOF\n📅 Morning Briefing for ${date}\n\n⏰ REMINDERS (Today)\nEOF\n\nremindctl today --plain | awk -F'\\t' '{print "  " substr(\$1,1,8) " - " \$5}' || echo "  No reminders"\n\necho\n\necho 📝 NOTION TASKS\necho\n\nif [ -n "$notion_db" ]; then\n  NOTION_KEY=\\$(cat ~/.config/notion/api_key)\n  curl -s -X POST "https://api.notion.com/v1/databases/$notion_db/query" \\\n    -H "Authorization: Bearer \\$NOTION_KEY" \\\n    -H "Notion-Version: 2022-06-28" \\\n    -H "Content-Type: application/json" \\\n    -d '{\"filter\": {\"property\": \"Status\", \"select\": {\"does_not_equal\": \"Done\"}}}' | \\\n  jq -r '.results[] | \"  [ ] \" + (.properties.Name.title[0].plain_text // "Untitled")'\nelse\n  echo "  Set NOTION_TASKS_DB env or specify DB ID"\nfi\n\n# Output to stdout for Clawdbot to capture/use\n
Confidence
78% confidence
Finding
curl -s -X POST "https://api.notion.com/v1/databases/$notion_db/query" \\\n -H "Authorization: Bearer \\$NOTION_KEY" \\\n -H "Notion-Version: 2022-06-28" \\\n -H

External Transmission

Medium
Category
Data Exfiltration
Content
#!/bin/bash\nset -e\n\ndate=${1:-$(date +%Y-%m-%d)}\nnotion_db=${NOTION_TASKS_DB:-}\n\ncat << EOF\n📅 Morning Briefing for ${date}\n\n⏰ REMINDERS (Today)\nEOF\n\nremindctl today --plain | awk -F'\\t' '{print "  " substr(\$1,1,8) " - " \$5}' || echo "  No reminders"\n\necho\n\necho 📝 NOTION TASKS\necho\n\nif [ -n "$notion_db" ]; then\n  NOTION_KEY=\\$(cat ~/.config/notion/api_key)\n  curl -s -X POST "https://api.notion.com/v1/databases/$notion_db/query" \\\n    -H "Authorization: Bearer \\$NOTION_KEY" \\\n    -H "Notion-Version: 2022-06-28" \\\n    -H "Content-Type: application/json" \\\n    -d '{\"filter\": {\"property\": \"Status\", \"select\": {\"does_not_equal\": \"Done\"}}}' | \\\n  jq -r '.results[] | \"  [ ] \" + (.properties.Name.title[0].plain_text // "Untitled")'\nelse\n  echo "  Set NOTION_TASKS_DB env or specify DB ID"\nfi\n\n# Output to stdout for Clawdbot to capture/use\n
Confidence
78% confidence
Finding
https://api.notion.com/

VirusTotal

64/64 vendors flagged this skill as clean.
