Supercharged Daily Briefing

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent daily briefing tool, but it needs Review because its privacy and safety claims understate scheduled web fetching, stored user interests, chat delivery, and optional dashboard data sync.

Install only if you are comfortable with your briefing topics, source URLs, fetched content, archives, and delivered summaries passing through your agent, web search/fetch providers, chat channel, and any dashboard backend you enable. Verify scheduling, retention, delete/reset safeguards, and the broken scheduler/setup scripts before enabling recurring briefings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Low
Confidence: 92%
Finding
The setup prompt instructs the agent to search the filesystem for a matching skill package and then copy files from whatever directory matches a text pattern. That broad discovery behavior expands access beyond the immediate workspace and can cause the agent to read from unintended locations or install a spoofed package if multiple or attacker-controlled copies exist.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises 24/7 monitoring, local storage, and a searchable archive, but does not clearly disclose retention duration, what data is stored, or the scope of ongoing network activity. In a skill that continuously fetches external content and persists results, this omission can mislead users about privacy and operational behavior, increasing the risk of unintended data retention and surprise background activity.

Vague Triggers

Medium
Confidence: 91%
Finding
The usage trigger is extremely broad and includes catch-all phrasing such as 'anything related,' which can cause the skill to activate on ambiguous requests that the user did not intend for this workflow. In this skill, unintended invocation is more dangerous because activation can lead to web fetching, persistent storage of user interests/feedback, and scheduled behavior changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description does not clearly warn users that the skill continuously fetches external content and stores personalized data such as topics, source registries, feedback history, and archived briefings on disk. This creates a transparency and consent problem: users may unknowingly authorize ongoing monitoring and retention of potentially sensitive professional interests.

Missing User Warnings

Medium
Confidence: 88%
Finding
The spec includes destructive data-management capabilities such as 'clear archive' and 'reset sources' without requiring confirmation dialogs, warnings, or recovery options. In a dashboard that manages persisted briefing history and source configuration, this creates a realistic risk of accidental or unintended data loss, especially if these actions are exposed through a UI or agent-driven workflow.

Vague Triggers

Medium
Confidence: 86%
Finding
The example uses a very broad natural-language command, "Add cybersecurity to my briefing," to trigger a state-changing action. If the skill implements similarly permissive intent matching, ordinary conversation, quoted text, or third-party content could accidentally cause topic additions without clear user confirmation, leading to unauthorized preference changes and possible downstream source ingestion.

VirusTotal

63/63 vendors flagged this skill as clean.
