每日热榜 (Daily Hot List)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent public hot-news aggregation skill with disclosed local storage and optional scheduled delivery, but users should review the external backend and notification setup before enabling them.

Install this only if you want a local public hot-news aggregator. Inspect the separate DailyHotApi backend before deploying it, disable automatic history if you do not want local retention, and enable Feishu or scheduled push only after confirming the destination, credentials, and how to turn it off.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, yet the documentation clearly indicates use of environment variables, local file read/write for historical data, and network access to a local API plus outbound push behavior. This creates a transparency and trust problem: users and reviewers cannot accurately assess what the skill can access or persist, which increases the chance of unintended data exposure or misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The declared purpose emphasizes hot-list querying and browsing, but the documented behavior expands into local persistence, history management, scheduled push delivery, and broader aggregation features. This mismatch can mislead users about the actual data lifecycle and operational scope, making them less likely to understand retention, monitoring, or delivery side effects.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The security note states that user data is stored locally and not uploaded to the cloud, yet the same README describes use of a backend API and Feishu push delivery. This creates a potentially misleading privacy representation: users may consent under the assumption that no data leaves the local environment when notifications or API requests could transmit query terms, preferences, or monitoring data to external services.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The function fetches data from every configured platform before applying the user's selected tags, which exceeds the apparent least-privilege behavior implied by the skill design. In a multi-platform aggregation skill, this can unnecessarily increase outbound requests, collect more third-party data than needed, and create denial-of-service, quota, privacy, or policy-compliance issues if invoked repeatedly.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The code comments and function description state tag-based retrieval, but the implementation performs full-platform collection first. This mismatch is dangerous because reviewers, operators, and downstream callers may rely on the documented narrower behavior and fail to account for the larger network, privacy, and resource footprint.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README includes very broad natural-language trigger phrases such as everyday conversational requests, which can cause the skill to activate when a user did not clearly intend to invoke it. In an agent environment, ambiguous triggers increase the risk of unintended execution paths, especially when the skill also supports monitoring, history access, and push-style behaviors.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README describes setting up monitoring and timed push notifications as if they are simple conversational actions, but it does not warn that these may create persistent state, ongoing background behavior, or outbound notifications. This is dangerous because users may unknowingly authorize continuous monitoring or automated messaging without clear consent, visibility, or a way to revoke it.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The README describes scheduled push behavior and message delivery without clearly warning that this creates ongoing notifications and external side effects. In an agent context, recurring actions can persist beyond the initial request and may send data or messages automatically, which increases the risk of surprise behavior, spam, privacy leakage, or misuse if the user did not clearly consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises automatic saving of hot-list data and scheduled pushing to Feishu, but does not present an explicit warning about persistence, retention, or outbound delivery. This is dangerous because users may unknowingly enable ongoing collection and transmission of data, which can create privacy, compliance, and operational risks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# DailyHotApi Skill - dependency list

# Core dependencies
requests>=2.28.0
aiohttp>=3.8.0

# Optional dependencies (for testing)
Confidence
96% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Core dependencies
requests>=2.28.0
aiohttp>=3.8.0

# Optional dependencies (for testing)
pytest>=7.0.0
Confidence
96% confidence
Finding
aiohttp>=3.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.8.0

# Optional dependencies (for testing)
pytest>=7.0.0
pytest-asyncio>=0.20.0
Confidence
90% confidence
Finding
pytest>=7.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Optional dependencies (for testing)
pytest>=7.0.0
pytest-asyncio>=0.20.0
Confidence
90% confidence
Finding
pytest-asyncio>=0.20.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
aiohttp

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
74% confidence
Finding
pytest

VirusTotal

63/63 vendors flagged this skill as clean.