Google News Api

Security checks across malware telemetry and agentic risk

Overview

This news skill appears purpose-aligned, but it should be reviewed because it asks users to paste an API key into chat and can send news queries to BrowserAct after broad trigger phrases.

Install only if you are comfortable sharing your Google News search terms with BrowserAct. Configure BROWSERACT_API_KEY outside chat, avoid sensitive queries, and treat unexpected prompts for the API key as a reason to stop and configure the credential manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill directs the agent to read an environment variable and invoke a Python script that performs external API/network access, but it declares no permissions or trust boundaries. This creates hidden capability escalation: an agent or user may invoke a skill without realizing it can access secrets and send data off-host.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims to scrape Google News, but it actually sends user-supplied search terms to a third-party BrowserAct workflow service. This is a supply-chain and transparency issue: users and reviewers may believe data stays within a simple scraper, while inputs and results are processed externally by another provider with its own data handling, logging, and execution behavior.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Trigger phrases such as 'find news about', 'track trends', and 'monitor PR' are broad, common language patterns that can cause unintended auto-activation in normal conversation. Unintended triggering is risky here because the skill can prompt for credentials and initiate networked data collection without sufficiently specific user intent.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to ask the user to paste an API key into the chat, which is an insecure secret-handling pattern. Chat transcripts are often stored, logged, or exposed to downstream tooling, so this can lead to credential leakage and later abuse of the BrowserAct account or associated services.

VirusTotal

66/66 vendors flagged this skill as clean.
