ClawHub
Back to skill

Security audit

Cross Channel Daily Review

Security checks across malware telemetry and agentic risk

Overview

The skill coherently creates local cross-channel review summaries and indexes, with disclosed lifecycle helpers and no evidence of hidden exfiltration or destructive behavior.

Install only if you want conversation-session data summarized into persistent local review files. Use generate-only or explicitly confirm the destination before any external delivery, and review retention/archive settings and the local rules.md promotion behavior if the summaries may include sensitive or business-confidential content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The validation report documents tested capabilities that materially exceed the skill’s declared daily-review scope, including retention planning, archive execution, and lifecycle operations. This mismatch is dangerous because operators or downstream systems may rely on incomplete metadata and expose higher-risk functionality involving data retention, archival, or broader automation than users expect.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The workflow mutates a persistent rules file based on synthesized review content, extending behavior beyond simple report generation into lasting state change. If upstream channel data is attacker-controlled or poisoned, this creates a persistence channel where malicious or incorrect guidance can be promoted into future runs and influence later outputs.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The script orchestrates retention planning, archival readiness checks, archiving, and record mutation even though the skill is described as a daily review and summary workflow. That scope mismatch is dangerous because users or integrators may invoke the skill expecting read-oriented summarization, while hidden lifecycle-management behavior can alter or relocate data unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
These calls perform archival and then mark records as archived, which are state-changing actions with durable data-management consequences. In the context of a skill advertised for simple daily review, this is more dangerous because it can silently change record availability, affect auditability, or cause downstream systems to treat content as retired without informed user consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes creating files, updating indexes, generating summaries, and potentially pushing outputs on a recurring basis, but it does not prominently require explicit user consent or warning before external delivery and persistent writes. In a cross-channel review context, this can expose sensitive conversation summaries or create unintended records without the user fully understanding where data will be stored or sent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The fallback rule allows delivery to a different verified destination when the preferred destination is unavailable, but does not require renewed approval before rerouting content. In this skill, the content is a synthesized cross-channel review and boss summary, so automatic fallback can leak sensitive summaries to the wrong audience or channel, creating both confidentiality and integrity risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The retention cycle creates a temporary candidate file and may archive data and mutate record status without any user-visible warning, confirmation, or interactive checkpoint. For a reusable cross-channel review skill, the lack of disclosure and consent increases the chance of unintended data retention changes and makes misuse or accidental invocation harder to detect before damage occurs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.