ai news weekly agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI news report generator that fetches public sources, optionally uses an LLM, and saves a local Markdown report.

Install only if you are comfortable with the skill fetching public AI news sources and sending report inputs to your configured LLM provider when --use-llm is used. Review sources.json, use a dedicated API key with limits, verify any OPENAI_BASE_URL or Ark configuration, and avoid --allow-insecure-ssl, --allow-custom-llm-endpoint, or webhook sending unless you intentionally trust those endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (93% confidence)
Finding
The trigger phrase "Generate this week's report" is broad enough to plausibly match ordinary user requests that are not intended to invoke this specific skill. In an agent environment with multiple skills, this can cause unintended activation, leading to surprising behavior, unnecessary external fetches, or execution of actions the user did not explicitly consent to in that context.

Natural-Language Policy Violations

Medium (88% confidence)
Finding
The skill specifies LLM-generated long-form Chinese output by default without indicating that this is conditioned on user preference. This is not a classic security flaw, but in agent settings it can override user intent or system expectations, causing unauthorized content transformation, workflow confusion, or misuse in downstream pipelines that assume a different language.

Missing User Warnings

Medium (90% confidence)
Finding
The skill explicitly writes generated reports to a local path and supports webhook-based transmission, but the description does not clearly warn users that execution will create files and may send content to an external endpoint. This can lead to unintended local data persistence or outbound disclosure of aggregated content, especially in agent environments where users may not expect side effects from a summary-generation skill.

Missing User Warnings

Medium (92% confidence)
Finding
When --use-llm is enabled, the script sends fetched article excerpts, titles, links, source names, and metadata to an external LLM endpoint. Although this is part of the feature design, there is no explicit disclosure or consent prompt at the transmission point, so users may unintentionally export collected content to third-party services, especially if a custom endpoint is allowed.

VirusTotal

66/66 vendors flagged this skill as clean.