CompanyInformation

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the advertised company-news lookups, but it handles API keys unsafely (it asks for them in chat and reads local secret stores) and silently persists results to disk; users should review both behaviours before use.

Review before installing. Do not paste a FEEDAX API key into chat or agent memory; use an environment variable or a permission-restricted local config file instead. Only use this skill if you accept that the current script contacts a plaintext HTTP endpoint (so requests are not protected in transit) and writes result files to disk by default, or run it with `--no-output` for sensitive investigations.
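The recommendation above (key from the environment or a locked-down file, never from chat; refuse plaintext HTTP; honor `--no-output`) as an added user-side wrapper. This is example code, not the skill's own script or the FEEDAX client; the environment variable name `FEEDAX_API_KEY`, the config path, the endpoint URL and the result rows are assumptions constructed for the demo, and the actual FEEDAX request is not shown because the page does not describe that API.

```python
"""Added example, not the skill's own code: safe key loading and output
handling for a company-news wrapper. Assumptions (not from the skill):
the env var FEEDAX_API_KEY, the config path, and the placeholder endpoint."""
import argparse
import csv
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ENV_VAR = "FEEDAX_API_KEY"                                        # assumed name
CONFIG_PATH = Path.home() / ".config" / "feedax" / "credentials"  # assumed path
DEFAULT_ENDPOINT = "https://api.example.invalid/v1/news"          # placeholder


class CredentialError(Exception):
    """Raised when no safely stored key is available."""


def load_api_key(environ=None, config_path=CONFIG_PATH):
    """Return the key from the environment or a mode-0600 config file.
    Never asks for it in chat and never reads the project's .env."""
    environ = os.environ if environ is None else environ
    key = environ.get(ENV_VAR, "").strip()
    if key:
        return key
    if config_path.is_file():
        mode = stat.S_IMODE(config_path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):   # group/other can read it: refuse
            raise CredentialError(
                f"{config_path} is readable by group/other (mode {mode:o}); chmod 600 it")
        key = config_path.read_text(encoding="utf-8").strip()
        if key:
            return key
    raise CredentialError(
        f"set {ENV_VAR} or store the key in {config_path}; do not paste it into chat")


def check_endpoint(url):
    """Refuse plaintext HTTP so the key and the query are not sent unencrypted."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"refusing non-HTTPS endpoint: {url}")
    return url


def write_results(rows, out_dir, no_output):
    """Persist results only when the user did not pass --no-output; return written paths."""
    if no_output:
        return []
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    csv_path = out_dir / "results.csv"
    with csv_path.open("w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=["title", "url"])
        writer.writeheader()
        writer.writerows(rows)
    return [csv_path]


def parse_args(argv):
    parser = argparse.ArgumentParser(description="company news lookup wrapper (added example)")
    parser.add_argument("company")
    parser.add_argument("--endpoint", default=DEFAULT_ENDPOINT)
    parser.add_argument("--no-output", action="store_true",
                        help="do not write CSV/Markdown result files")
    return parser.parse_args(argv)


def demo():
    """Constructed self-check with a temporary credentials file (no real key, no network)."""
    results = {}
    results["env"] = load_api_key({ENV_VAR: "env-key"}, Path("/nonexistent/credentials"))
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "credentials"
        path.write_text("file-key\n", encoding="utf-8")
        os.chmod(path, 0o600)
        results["file"] = load_api_key({}, path)
        os.chmod(path, 0o644)                      # world-readable: must be refused
        try:
            load_api_key({}, path)
            results["loose_mode"] = "accepted"
        except CredentialError:
            results["loose_mode"] = "rejected"
        rows = [{"title": "constructed article", "url": "https://example.invalid/a"}]
        results["no_output_files"] = len(write_results(rows, Path(tmp) / "out", no_output=True))
        results["output_files"] = len(write_results(rows, Path(tmp) / "out", no_output=False))
    try:
        check_endpoint("http://api.example.invalid/v1/news")
        results["http"] = "accepted"
    except ValueError:
        results["http"] = "rejected"
    results["no_output_flag"] = parse_args(["Acme", "--no-output"]).no_output
    return results


if __name__ == "__main__":
    args = parse_args(None)
    key = load_api_key()
    endpoint = check_endpoint(args.endpoint)
    # The FEEDAX request itself is not shown: the API is not described on this page.
    print(f"would query {endpoint} for {args.company!r} (key loaded, {len(key)} chars)"
          + (", no files will be written" if args.no_output else ""))
```

The permission check matters as much as the location: a key file that is group- or world-readable is only marginally better than a key pasted into chat, so the loader refuses it rather than warning.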

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium (confidence 97%)
Finding: The skill tells the agent to inspect `.env` for secrets and to ask the user to provide an API key so the assistant can 'remember' it. Reading local secret stores and encouraging conversational retention of credentials exceeds the stated news-query purpose and increases the risk of credential exposure or misuse.

Context-Inappropriate Capability

Severity: Medium (confidence 83%)
Finding: The documented primary workflow relies on executing shell commands and a local Python script to perform a company-news lookup. For this use case, shell execution is broader than necessary and increases the attack surface through command construction, local environment access, and unintended side effects.

Description-Behavior Mismatch

Severity: Medium (confidence 90%)
Finding: The skill specifies automatic export of all returned data to local CSV and Markdown files, but this persistence behavior is not disclosed in the manifest description. Undisclosed local storage can create privacy, compliance, and data-retention risks, especially when query results may contain sensitive or business-relevant information.

Missing User Warnings

Severity: Low (confidence 90%)
Finding: The README states that the tool will generate CSV and Markdown files containing article content, summaries, URLs, source information, and company-related metadata by default, but it does not warn users that this persists potentially sensitive or regulated data to local storage. While the data appears to be news/public-opinion content rather than secrets, silently writing collected data to disk can create privacy, compliance, and retention risks in enterprise environments, especially if queries include monitored entities or internal research topics.

Missing User Warnings

Severity: Medium (confidence 93%)
Finding: The skill instructs automatic local file creation for all results without a clear up-front warning or user approval. Silent persistence is risky because users may not expect data to be stored on disk, where it can later be accessed, copied, or retained beyond the user's intent.

Missing User Warnings

Severity: High (confidence 99%)
Finding: The instruction telling users to provide an API key so the assistant can 'remember' it encourages direct sharing of credentials in conversation without any security warning. This is dangerous because credentials entered into chat may be logged, exposed to other components, or retained longer than intended.

Ssd 3

Severity: Medium (confidence 99%)
Finding: The skill explicitly encourages collection and retention of a user-supplied API key in conversation memory. Secret retention is a serious security concern because stored credentials can be leaked, reused beyond scope, or accessed by unauthorized parties or processes.

Ssd 3

Severity: Medium (confidence 98%)
Finding: The workflow repeats the directive to ask for the API key and remember it, reinforcing unsafe secret-handling practices. Repetition in operational steps makes accidental implementation more likely and increases the chance that credentials will be persistently captured during normal use.
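Every finding above is a phrase-level property of the skill's instructions: a directive to read `.env`, to ask for and remember a key, to run a script, to export results, and a description that stays silent about the export. As an added example that is not SkillSpector's scanner or the skill's own code, the following keyword linter reproduces those classes of finding over a SKILL.md body and its manifest description. The sample skill text, the description, the rule names and the regexes are constructed for the demo; a real scanner would also parse the manifest rather than regex the prose.

```python
"""Added example, not SkillSpector's scanner: a minimal linter that flags the
classes of finding listed in this report. Sample skill text and description
are constructed for the demo and are not the real skill files."""
import re

# Each rule: (rule id, finding category as named in the report, pattern)
RULES = [
    ("secret-in-chat", "Missing User Warnings",
     re.compile(r"\b(?:ask|prompt)\b.{0,60}\bapi key\b.{0,80}\bremember\b", re.I | re.S)),
    ("env-file-harvest", "Context-Inappropriate Capability",
     re.compile(r"\b(?:read|inspect|check|look in)\b[^.\n]{0,40}\.env\b", re.I)),
    ("shell-execution", "Context-Inappropriate Capability",
     re.compile(r"\b(?:run|execute)\b[^.\n]{0,40}\b(?:python|bash|sh|\.py)\b", re.I)),
    ("plaintext-http", "Data Exfiltration / External Transmission",
     re.compile(r"\bhttp://\S+", re.I)),
    ("silent-persistence", "Missing User Warnings",
     re.compile(r"\b(?:writ(?:e|es|ten)|export(?:s|ed)?|save[sd]?)\b[^.\n]{0,60}"
                r"\b(?:csv|markdown|\.md)\b", re.I)),
]


def lint_skill(text, description=""):
    """Return (rule id, category, evidence) triples for every pattern hit in `text`."""
    findings = []
    for rule_id, category, pattern in RULES:
        for match in pattern.finditer(text):
            evidence = " ".join(match.group(0).split())[:80]   # collapse whitespace, trim
            findings.append((rule_id, category, evidence))
    persists = any(rule_id == "silent-persistence" for rule_id, _, _ in findings)
    # Description-behavior mismatch: the body persists data but the manifest
    # description never mentions files, CSV or Markdown.
    if persists and not re.search(r"\b(?:csv|markdown|file)s?\b", description, re.I):
        findings.append(("undisclosed-persistence", "Description-Behavior Mismatch",
                         "body writes result files; description does not mention it"))
    return findings


def rule_ids(findings):
    """Sorted rule ids, convenient for comparing scan results."""
    return sorted(rule_id for rule_id, _, _ in findings)


# Constructed sample SKILL.md body exhibiting each pattern (not the real skill file).
SAMPLE_SKILL = """\
# CompanyInformation (constructed sample, not the real skill file)
Run `python scripts/company_news.py "<company>"` to fetch recent articles.
Before running, inspect .env for an existing key.
If no key is present, ask the user for their API key so you can remember it for later runs.
Articles are fetched from http://api.example.invalid/v1/news and every result is
exported to CSV and Markdown files in ./output automatically.
"""
SAMPLE_DESCRIPTION = "Look up recent news about a company."   # constructed manifest text

# Constructed clean counterpart: HTTPS only, results stay in the conversation.
CLEAN_SKILL = "Fetch headlines from https://api.example.invalid/v1/news and show them in chat.\n"


if __name__ == "__main__":
    for rule_id, category, evidence in lint_skill(SAMPLE_SKILL, SAMPLE_DESCRIPTION):
        print(f"{category:45} {rule_id:24} {evidence}")
```

The `undisclosed-persistence` rule is the only one that needs two inputs: it fires on the combination of a persistence directive in the body and a description that does not mention it, which is exactly the mismatch the report flags separately from the missing-warning findings.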

VirusTotal

66/66 vendors flagged this skill as clean.
