Latte News Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed to fetch news, but it also gives detailed instructions for bypassing paywalls and using logged-in browser sessions, so it should be reviewed before installation.

Install only if you are comfortable with a skill whose stated purpose includes paywall circumvention and routing article URLs through third-party services. Avoid using your main Chrome profile or logged-in news accounts with it, do not disable privacy protections such as Private Relay or change DNS casually, and keep TAVILY_API_KEY unset unless you trust Tavily with your searches and article URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (24)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The README explicitly instructs using the user's real browser profile and login to access member-only sites, extending the skill from ordinary news retrieval into authenticated account use. This creates a meaningful risk of session/cookie exposure, unintended use of paid accounts, and unauthorized access patterns under the guise of normal browsing.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill instructs the agent to leverage a user's authenticated Chrome session to access member-only content, effectively using the user's credentials/session state to bypass normal access controls. This expands the skill from public news retrieval into privileged account-assisted access, creating risk of unauthorized account use, privacy exposure, and terms-of-service violations.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
This section goes beyond simple news discovery and provides concrete bookmarklet-based techniques and third-party services specifically aimed at accessing paywalled content. In the context of a skill explicitly advertising paywall bypass, this meaningfully broadens the capability into circumvention guidance, increasing legal, policy, and abuse risk.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The skill documents persistent storage of user news preferences in a workspace file but does not clearly warn users that their data will be retained locally. While the data is low sensitivity, undisclosed persistence can violate user expectations and may expose interests or reading habits to other local users or tools.

Vague Triggers

Severity: High
Confidence: 83%
Finding
The trigger phrases are broad everyday terms like '新闻' (news), '文章' (article), and '阅读' (reading), which can cause the skill to activate in unrelated contexts. Overbroad invocation increases the chance the agent enters a workflow that fetches external content or attempts restricted-access retrieval without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The daily-use invocation examples are ambiguous and map common requests directly into automated site access. In this skill's context, ambiguous activation is more dangerous because downstream behavior includes paywall-circumvention and browser-based retrieval from third-party sites.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
The skill description explicitly advertises bypassing paywalls to obtain full text, which is an instruction to circumvent publisher access restrictions. Because this is a core advertised capability rather than incidental wording, the surrounding context makes the policy and security risk substantially higher.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
This section provides a step-by-step workflow using multiple third-party services specifically to circumvent paywalls when direct access fails. Operationalizing circumvention across fallback services materially increases the likelihood of misuse and normalizes unauthorized access to restricted content.

Natural-Language Policy Violations

Severity: High
Confidence: 100%
Finding
The WSJ-specific section gives concrete operational instructions, browser steps, and click-flow guidance for accessing archived copies of paywalled articles. This is especially risky because it targets a named publisher and provides actionable procedures that reduce friction for repeated circumvention.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document advises users to disable iCloud Private Relay to work around archive.today access issues, but does not warn that doing so reduces IP/privacy protections and can expose browsing metadata to the local network or ISP. In the context of a paywall-bypass skill, this is more dangerous because it encourages users to weaken privacy controls specifically to access restricted content, increasing legal/privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The guidance to switch DNS to 8.8.8.8 omits that this changes the DNS resolver handling the user's queries and may alter privacy, logging, filtering, and organizational-network policy compliance. Within a tool focused on bypassing paywalls, this recommendation is riskier because it normalizes modifying network settings to evade access restrictions without informing users of security and privacy tradeoffs.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The file instructs users to change DNS settings, disable iCloud Private Relay, and alter network conditions to make archive.today work, but provides no warning about privacy exposure, security degradation, or possible system-wide connectivity impact. In a security-sensitive agent skill, advising users to weaken protective network settings to access content is dangerous because it normalizes reducing defenses and can expose browsing activity or break trusted configurations.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
This file is explicitly a playbook for bypassing publisher paywalls using third-party services, archive sites, and fallback strategies, including a recommended sequence and per-publication effectiveness guidance. In the context of a news-fetching skill whose description promises '绕过付费墙获取全文' ("bypass paywalls to get the full text"), this is not incidental mention but operational enablement of access-control circumvention, which creates legal, policy, and abuse risk and encourages unauthorized access to protected content.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The document explicitly recommends tools and techniques to bypass paywalls and access-controlled content, but provides no legal, ethical, or account-risk warnings. In this skill's context, that guidance is not incidental; the skill metadata itself advertises bypassing paywalls, which materially increases the likelihood of policy abuse and unauthorized content access.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The troubleshooting guidance tells users to clear cookies, use incognito mode, switch networks, and disable Private Relay to get around verification and dynamic paywall barriers. These steps aid evasion of access controls while omitting warnings about privacy degradation, session exposure, or the risks of disabling protective features.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script sends user-supplied URLs to Tavily's extract API, which can expose potentially sensitive reading targets or internal links to a third party without explicit notice or consent. In this skill's context, that risk is heightened because users may submit article URLs that reveal interests, subscriptions, or private/internal endpoints.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The direct fetch path retrieves arbitrary user-provided URLs and the relay-service paths forward them to third parties, creating SSRF-like risk and data exfiltration concerns if the tool is run in a trusted network environment. An attacker could supply internal, cloud-metadata, or otherwise sensitive URLs and cause the agent host to access them or disclose them to relay services.

Ssd 4

Severity: Medium
Confidence: 97%
Finding
The documented workflow normalizes a stepwise process for bypassing paywalls via archives, third-party readers, fallback tools, and ultimately user login. In context, this is not incidental discussion; it is core operational guidance for circumventing publisher access controls, increasing legal, ethical, and platform-abuse risk.

Ssd 2

Severity: Medium
Confidence: 95%
Finding
The README frames obtaining paywalled content as 'full text + AI summary' and 'deep reading,' which softens and operationalizes circumvention intent. In this skill's context, that phrasing directly supports unauthorized access to restricted publisher content rather than merely describing neutral summarization functionality.

Ssd 2

Severity: Medium
Confidence: 96%
Finding
These instructions provide concrete operational steps for using archive.today and reader-style third-party services to access restricted articles. Because the skill's purpose includes bypassing paywalls, the documentation materially facilitates circumvention of access controls, not just generic troubleshooting.

Ssd 4

Severity: Medium
Confidence: 98%
Finding
The file gives step-by-step advice for finding free copies, alternate access paths, gift links, PDF versions, and browser bookmarklets that redirect pages to paywall-bypass services. Because the skill metadata explicitly promotes using archive.today, smry.ai, and 12ft.io to access paywalled content, this is not incidental reference material but operational guidance for circumvention.

Ssd 2

Severity: Medium
Confidence: 97%
Finding
The file provides natural-language operational guidance for circumventing restricted access using third-party mirrors, JavaScript disabling, user-agent changes, and browser extensions. Because the skill is specifically designed to fetch news and bypass paywalls, these instructions function as actionable enablement for unauthorized access rather than neutral reference material.

Ssd 2

Severity: Medium
Confidence: 95%
Finding
The matrix repeatedly normalizes circumvention by naming publishers and pairing each with recommended bypass methods and expected effectiveness. That publisher-by-publisher playbook lowers the barrier to misuse and makes the skill more operationally dangerous than a generic discussion of paywalls.

Ssd 2

Severity: Medium
Confidence: 96%
Finding
The '特殊问题' ("Special issues") section gives step-by-step instructions to evade verification loops and dynamic paywalls through DNS, browser-state, and network changes. Even without exploit code, this is actionable evasion guidance that helps users defeat access restrictions and can also encourage weakening privacy-related settings.

VirusTotal

64/64 vendors flagged this skill as clean.
