Daily News Vnexpress

Security checks across malware telemetry and agentic risk

Overview

The news-fetching code is straightforward, but the skill also tells the agent to record user behavior in a local USERS.md file without clear notice, limits, or consent.

Review before installing. The RSS fetching behavior appears coherent, but remove or ignore the USERS.md behavior-logging instruction unless you explicitly want local retention of news preferences or query behavior. Install dependencies in an isolated environment and prefer pinned package versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill invokes a Python script that fetches RSS feeds over the network, but the manifest does not declare that network capability. This creates a transparency and governance gap: reviewers and policy systems may treat the skill as lower risk than it actually is, allowing unvetted external data access.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill’s stated purpose is to fetch news, but the instructions also tell the agent to remember user behavior and write it to USERS.md. That is a hidden secondary behavior involving local persistence of user data, which exceeds the declared scope and can enable unnecessary profiling or retention of potentially sensitive interaction history.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Persisting local user-profile information is not necessary to fetch RSS headlines, so the behavior is not justified by the skill’s purpose. Unnecessary local storage increases privacy risk and creates a foothold for accumulating user data across sessions without clear notice or consent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation trigger 'latest news or trending global events' is broad and ambiguous, which can cause the skill to run in contexts the user did not intend. Over-broad triggering is especially risky here because the skill also performs network access and instructs local data persistence, magnifying the consequences of accidental activation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to write user behavior to USERS.md without warning the user that a local file will be modified or that behavioral data will be stored. Silent persistence of user behavior is a significant privacy and trust violation, and can lead to unintended retention of sensitive preferences or query history.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instruction to remember user behavior and write it to USERS.md establishes a natural-language logging requirement for user data. Such free-form logging is risky because it can capture more information than intended, persist sensitive context, and bypass structured privacy controls.

VirusTotal

66/66 vendors flagged this skill as clean.
