paper claw

Security checks across malware telemetry and agentic risk

Overview

This paper-digest skill fits its stated goal, but it needs review because the submitted package points to missing runtime files and has unclear boundaries for local config writes and email sending.

Install only after confirming you have the complete Paper Claw runtime and understand where it will write config, recipient, and state files. Do not provide real SMTP or LLM API credentials, enable scheduling, reset state, or send digests until you can preview recipients and run in a no-email or dry-run mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The documented behavior overstates the skill's capabilities and omits important operational details such as local configuration changes, limited source support, and unclear implementation of summarization/email features. This can mislead users or orchestrators into granting trust, permissions, or automation approval based on inaccurate expectations, which is dangerous in agent settings because hidden write-side effects and unsupported claims reduce informed consent and review.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The skill advertises automatic email delivery of generated digests without a prominent warning that content will be transmitted to configured recipients. In an agent context, this can cause unintended exfiltration of generated summaries, paper selections, or locally-influenced content to third parties, especially if recipient configuration is stale, incorrect, or attacker-controlled.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding: Resetting processing state without warning can cause the system to re-fetch, regenerate, and potentially resend prior digests, leading to duplicate emails or repeated outbound activity. In automated environments this can create data leakage, spam, rate-limit issues, or confusion about whether content is new versus replayed.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The function writes recipient email addresses and names directly to a persistent local file without any consent prompt, privacy notice, or protection controls. In an agent setting, this can silently store personal data on disk, increasing privacy, compliance, and unintended disclosure risk if the workspace is shared or later exfiltrated.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill exposes an email-sending function that can transmit generated digests to configured recipients, yet the tool description does not clearly warn that paper summaries and derived content will be sent externally. In an agent setting, weak disclosure around outbound transmission increases the chance of unintended data exfiltration, especially if digests ever include sensitive prompts, notes, or non-public source material.

VirusTotal

66/66 vendors flagged this skill as clean.