ClawHub

RSS Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like a normal RSS monitor, with expected local storage and optional Feishu/Lark notifications that users should configure carefully.

Install only if you are comfortable fetching the feeds you configure, storing feed URLs and recent article history under ~/.rss_monitor, and optionally sending article-title notifications to Feishu/Lark. Keep the webhook URL private, use non-sensitive feeds for external notifications, and remove any cron job when you no longer want ongoing checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities that read environment variables, read and write local files, and perform outbound network access, yet it declares no permissions. This creates a transparency and consent problem: a user or platform may invoke the skill without understanding it can access webhook secrets, persist data under the user's home directory, and contact arbitrary feed or notification endpoints.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises Feishu/Lark notifications but does not clearly warn that feed content, article titles, links, or metadata may be transmitted to an external service. In a monitoring context, this can leak internal, sensitive, or user-specific feed data to third-party infrastructure without informed user consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup instructions tell users to place a Feishu webhook in an environment variable but do not warn that the webhook is a credential that must be protected from logs, screenshots, shell history, or accidental commits. If exposed, an attacker could abuse the webhook to send unauthorized messages into the user's Feishu group or impersonate legitimate notifications.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script forwards feed-derived article titles to an external Feishu webhook automatically during checks, which can leak monitored content patterns or sensitive feed metadata to a third-party endpoint without an explicit confirmation step at send time. In this skill context, external notification is a core feature, but the lack of clear consent controls, destination validation, and content minimization still creates a real data-exposure risk if users monitor private or internal feeds.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal