ClawHub

ETH24

Security checks across malware telemetry and agentic risk

Overview

ETH24 appears to do what it says: collect public X/RSS content, rank it with AI, and save or draft a daily digest, with no hidden persistence or unrelated data access found.

Install it in a virtual environment, consider pinning the dependencies, use revocable least-privilege API keys, watch provider costs, and review the generated digest or Typefully draft before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Tainted flow: 'slot' from httpx.post (line 43, network input) → httpx.put (network output)

Medium
Category
Data Flow
Content
# PUT binary to presigned URL
    with open(image_path, "rb") as f:
        httpx.put(
            slot["upload_url"],
            content=f.read(),
            timeout=60,
Confidence
91% confidence
Finding
httpx.put( slot["upload_url"], content=f.read(), timeout=60, ).raise_for_status()

Vague Triggers

Medium
Confidence
91% confidence
Finding
Several trigger phrases are generic enough to match normal user requests, such as 'daily digest', 'ethereum news', and 'top tweets'. In an agent environment, this can cause the skill to activate unexpectedly and perform networked actions when the user did not explicitly intend to invoke this specific skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends collected tweet and RSS content to a third-party AI provider without any visible disclosure, consent gate, or data-classification check in this file. That can create privacy, compliance, and operational risk if the input later includes sensitive or proprietary material, especially because the transfer is to an external service outside the local trust boundary.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The same undisclosed external transmission occurs for the xAI provider path. Even if the current inputs are intended to be public tweets and RSS items, the code does not enforce that constraint, so future or malformed inputs could be sent externally without awareness or approval.

Ssd 4

Medium
Confidence
95% confidence
Finding
Untrusted tweet and RSS text is inserted directly into the prompt as authoritative raw data, allowing prompt injection or prompt steering by crafted content in those sources. An attacker could bias rankings, manipulate commentary, or induce malformed output that breaks downstream processing, because the model is asked to rely on attacker-influenced natural language mixed with instructions and examples.

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser
Pillow
httpx
Confidence
94% confidence
Finding
feedparser

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser
Pillow
httpx
Confidence
97% confidence
Finding
Pillow

Unpinned Dependencies

Low
Category
Supply Chain
Content
feedparser
Pillow
httpx
Confidence
94% confidence
Finding
httpx

Known Vulnerable Dependency: feedparser — 10 advisory(ies): CVE-2011-1157 (feedparser Cross-site Scripting vulnerability); CVE-2009-5065 (feedparser Cross-site Scripting vulnerability); CVE-2011-1158 (feedparser Cross-site Scripting vulnerability) +7 more

High
Category
Supply Chain
Confidence
82% confidence
Finding
feedparser

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
Pillow

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Critical
Category
Supply Chain
Confidence
90% confidence
Finding
httpx

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal