Briefing Room

Security checks across malware telemetry and agentic risk

Overview

Briefing Room appears to be a disclosed, purpose-aligned macOS news-briefing skill that writes local briefing files and contacts public data sources as expected.

Install only if you are comfortable with a skill that runs web searches, sends your configured weather location and trend regions to public services, creates local config and briefing files, and may run a short background task. Review output.folder before using the clean helper, because it permanently removes old date-named briefing folders under that configured location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill uses file read/write, network access, and shell execution but does not declare permissions or prominently warn the user. This weakens sandboxing and informed consent, making it easier for a user or orchestrator to invoke a capability-rich skill without understanding its access level.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The described purpose is news-briefing generation, but the documented behavior also includes persistent config management, folder listing, folder opening, dependency detection, and deletion of older briefings. That mismatch can cause users to authorize the skill under incomplete assumptions and hides data-management side effects not central to the core task.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill states outputs are limited to an audio briefing and DOCX, but helper commands expose additional behaviors such as listing and deleting stored briefings. This is a transparency failure that can mislead users about what artifacts and file-management actions the skill can perform.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
A cleanup helper deletes briefing folders older than thirty days, which is a destructive capability not essential to generating a briefing. Even if scoped to the skill's output directory, undocumented or automatic deletion can cause data loss and surprises if users treat past briefings as records they intended to keep.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger examples are broad everyday phrases like "Morning update" and "What's happening today?", which can plausibly match ordinary user requests and cause the skill to run when the user did not specifically intend a news briefing. In this skill's context, unintended invocation is more concerning because execution leads to network lookups, auto-created configuration, and audio/document generation on the local machine.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README states that the skill auto-creates configuration and produces output files under ~/.briefing-room and ~/Documents/Briefing Room, but it does not clearly warn users up front that local filesystem writes occur automatically. In context, this is risky because an accidentally triggered briefing could leave persistent files in sensitive user directories without informed consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation language is broad enough to overlap with common requests like 'daily update' or 'what's happening today,' increasing the chance of accidental activation. Because the skill performs network access, file writes, audio generation, and sub-agent spawning, ambiguous triggering raises the risk of unintended side effects.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The Quick Start examples further encourage automatic triggering from ambiguous phrases and instruct immediate background execution. This reduces the user's opportunity to review side effects such as external requests, output creation, and Finder opening before the workflow starts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documentation does not prominently warn that it writes persistent files under ~/.briefing-room and ~/Documents/Briefing Room, creates temporary files in /tmp, and may open the output folder. Missing disclosure undermines informed consent for local data storage and file-management behavior.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The clean command irreversibly deletes directories with rm -rf based on a date-pattern sweep and age comparison, with no confirmation prompt, dry-run mode, or additional path safety checks. If configuration points to an unexpected location or the user invokes clean unintentionally, legitimate files can be lost without recovery.

VirusTotal

66/66 vendors flagged this skill as clean.
