ClawHub

smart-collect

Security checks across malware telemetry and agentic risk

Overview

This skill broadly fits its stated URL-collection purpose, but it needs review because it can send fetched page text to DeepSeek and can modify Markdown files without strong path containment.

Review before installing. Use it only with URLs whose extracted content you are comfortable sending to DeepSeek, provide a least-privilege API key, and avoid private intranet or token-bearing links. Configure the Obsidian storage path carefully, and do not pass untrusted item IDs to management commands until path validation is added. Only add the OpenClaw cron job if you want daily automatic review updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation advertises operational capabilities that imply environment access, network access, and shell execution, but it does not declare permissions or boundaries for those actions. This creates a transparency and trust problem: users and hosting platforms cannot accurately assess what the skill may access or execute, increasing the risk of unintended command execution, data exposure, or policy bypass.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose says the skill analyzes and summarizes URLs and saves them to Obsidian with review reminders, but the described behavior goes further by modifying local Markdown/frontmatter, managing item state, calling external APIs, and performing automated archival/review updates. This mismatch is dangerous because users may authorize the skill for a narrow workflow while it actually performs broader data mutation and external transmission than expected.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that it fetches URL content and uses an LLM to generate summaries, but it does not warn users that fetched page content may be transmitted to an external model provider. If users process private, copyrighted, or sensitive URLs, this omission can lead to unintentional disclosure of confidential content to third parties.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The configuration instructions ask for Feishu and LLM API settings without warning that credentials, notification payloads, and review content may expose private information. This is risky because secrets may be stored insecurely in config files and notification channels may leak summaries, titles, or links from a user's private knowledge base.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Fetched webpage content is sent to the external DeepSeek API for summarization, which can expose sensitive or private page contents to a third party without any visible consent, disclosure, or data-classification checks. In a URL collection/summarization skill, users may submit internal, authenticated, or personal pages, making silent external transmission materially risky.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script fetches arbitrary URL content and then forwards that content to an AI summarization component, likely involving external network transmission to an LLM provider, without any explicit user consent, warning, or data-handling notice. This can leak sensitive page contents, intranet resources, token-bearing URLs, or private documents to third-party services, and the skill context increases risk because the tool is designed to ingest user-provided links automatically for storage and summarization.

Ssd 1

Medium
Confidence
96% confidence
Finding
Untrusted webpage content is concatenated directly into the LLM prompt, allowing malicious pages to include instruction-like text that can override the intended summarization task, manipulate output, or induce leakage of adjacent prompt context. Because this skill explicitly fetches arbitrary URLs from the internet, prompt injection is a realistic threat and more dangerous in this context than in a closed-content workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal