mar-daily-news

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public trending-news data through the disclosed SkillBoss API and does not show hidden local data access, persistence, or destructive behavior.

Install only if you trust SkillBoss API Hub and are comfortable providing a SKILLBOSS_API_KEY. Use a limited-scope key if available, pin and audit the requests dependency for production use, and treat returned headlines as unverified remote content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill invokes a local Python script with raw command dispatch and requires an API key environment variable, which means it has code execution, environment access, and likely network access despite not declaring explicit permissions. This creates a trust and transparency gap: an agent or reviewer may underestimate the skill's capabilities, increasing the chance of unintended secret exposure, unreviewed outbound requests, or unsafe execution of embedded code.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill sends user-relevant content and scraped page data to a third-party API hub for scraping, search, and chat processing without any visible disclosure or consent mechanism in the code. This creates a privacy and data-governance risk because fetched content may be retained, logged, or processed outside the user's expectations.

Ssd 1

Severity: Medium
Confidence: 95%
Finding: Scraped Baidu page content is inserted directly into an LLM prompt, so any instructions embedded in the page can influence the model's output rather than being treated purely as data to extract from. This is a prompt-injection risk that can cause incorrect extraction, manipulation of results, or unintended downstream behavior if the skill is later expanded beyond simple text output.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: requests
Confidence: 95%
Finding: requests

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: requests

VirusTotal

65/65 vendors flagged this skill as clean.
