ClawHub

Super Rss Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent RSS reader skill that fetches user-selected feeds, stores article state locally, and documents its cleanup behavior.

Install only if you are comfortable with the skill contacting RSS or website URLs you add, storing subscriptions and article data in a local SQLite database, and deleting old read articles after scans unless you disable auto_purge. Treat feed content as untrusted text when asking an agent to summarize it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill clearly performs outbound network access and writes persistent data to a local SQLite database, yet the metadata shown in SKILL.md does not declare corresponding permissions or warn the user at the trust boundary. This is dangerous because users and orchestrators may authorize or run the skill under incomplete assumptions, enabling unexpected external requests and local state changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README documents that read articles are automatically purged after 90 days by default, but this destructive behavior is presented as a feature rather than a prominent warning. In an agent skill context, users may invoke scan operations without realizing they trigger data deletion, creating a real risk of unintended loss of reading history or retained content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documented features include feed auto-discovery, scan, HTML scraping fallback, health checks, test, and optional full-content retrieval, all of which can trigger outbound requests to arbitrary third-party URLs. Without an explicit warning, a user may supply sensitive internal URLs or unknowingly cause requests to untrusted hosts, increasing SSRF-like risk, privacy leakage, and unintended network activity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that scan automatically purges older read articles, but this deletion behavior is not surfaced as a prominent warning before normal use. Silent or poorly disclosed data deletion can cause loss of records a user expected to retain, especially when scans are automated via cron and the purge runs repeatedly without direct user review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal