ClawHub

Morning Briefing Generator

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only briefing skill whose sensitive integrations and optional scheduling are disclosed and aligned with its purpose, but users should configure it carefully.

Install only if you are comfortable letting the agent summarize connected calendar, email, task, health, and messaging data. Use the narrowest account permissions available, exclude sensitive sections you do not need, keep .env tokens out of prompts/logs/version control, verify the exact Telegram/Slack/WhatsApp destination, and disable any cron job when you no longer want automated briefings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation examples are broad enough to encourage the agent to autonomously gather, synthesize, and deliver data across multiple personal sources without any explicit scoping, consent, or confirmation boundaries. In practice, this can cause over-collection of sensitive information or triggering of downstream actions such as messaging delivery with insufficient user authorization checks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes aggregation of calendar events, urgent emails, priority tasks, health metrics, and trending topics into an automated briefing, but provides no warning about handling highly sensitive personal data. Delivering that briefing over channels like Telegram, WhatsApp, or Slack increases the chance of accidental disclosure, insecure transmission, or retention of private information in third-party systems.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation phrase is very broad and resembles normal user language, which increases the chance the skill is triggered unintentionally during ordinary conversation. In a skill that aggregates calendar, email, tasks, health, and news data, accidental activation could expose or process sensitive personal information without the user clearly intending to invoke this specific skill.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description normalizes aggregation of multiple sensitive data sources, including email, calendar, health metrics, and personal interests, but provides no warning about the privacy implications. Users may not realize the skill creates a highly sensitive consolidated profile that could reveal schedules, contacts, priorities, and health status in one output.

Missing User Warnings

High
Confidence
98% confidence
Finding
The automated delivery example sends the full briefing via Telegram without warning that contents may include email summaries, meetings, tasks, and health data transmitted to a third-party messaging service. This creates a clear confidentiality risk because highly sensitive aggregated information could be forwarded, retained, or exposed outside the primary environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The configuration block instructs users to place sensitive account identifiers, interests, workspace details, and health-related preferences into shared documentation files without any caution. If those files are synced, version-controlled, or accessible to collaborators, they could leak personal and organizational data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The troubleshooting guidance references bot tokens in environment variables but does not warn that these are secrets that must never be exposed, logged, or committed. Users following the instructions may mishandle credentials while testing messaging delivery, enabling unauthorized message sending or account takeover of the bot integration.

Credential Access

High
Category
Privilege Escalation
Content
- Or specify in prompt: "Weather for [exact city]"

**"Not receiving Telegram messages"**
- Verify bot token in .env
- Test: "Send me a test message via Telegram"

**"Emails not loading"**
Confidence
88% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
### Automated Daily Briefing (Cron)
```
Create a cron job that runs every weekday at 7am.
Generate my morning briefing and send it via Telegram.
```
Confidence
86% confidence
Finding
Create a cron job that

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal