local-model-router

Security checks across malware telemetry and agentic risk

Overview

This is a small tech-news digest skill with documentation and dependency hygiene issues, but the reviewed artifacts do not show malicious or high-impact behavior.

Install only if you want the tech-news digest behavior, not local model routing. Treat configured feeds as data that may be sent to a third-party translation service, avoid adding private/internal RSS sources unless that is acceptable, and do not provide broad API tokens unless the publisher updates the skill to document and implement those integrations clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding: The skill advertises operational behavior that reads from configuration files and writes output artifacts, but the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting platforms may grant trust based on incomplete capability disclosure, while the skill can still access local files through its code path.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The documented purpose materially differs from the observed behavior: the skill sends content to an external translation service, writes collected data and summaries to local files, and apparently does not implement several claimed news sources. This is dangerous because undisclosed outbound data transfer can leak fetched or user-provided content to third parties, and undocumented local persistence increases the risk of retaining sensitive material without user awareness.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The script sends fetched text to an external translation service and also performs network retrieval from arbitrary configured RSS URLs without clear user disclosure or consent. In a skill context, this can expose third-party content, internal feed URLs, or usage metadata to external services and may violate user expectations or privacy requirements.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  feedparser>=6.0.0
  requests>=2.31.0
  python-dateutil>=2.8.0
Confidence: 94%
Finding: feedparser>=6.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  feedparser>=6.0.0
  requests>=2.31.0
  python-dateutil>=2.8.0
Confidence: 95%
Finding: requests>=2.31.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  feedparser>=6.0.0
  requests>=2.31.0
  python-dateutil>=2.8.0
Confidence: 91%
Finding: python-dateutil>=2.8.0

Known Vulnerable Dependency: feedparser — 10 advisory(ies): CVE-2011-1157 (feedparser Cross-site Scripting vulnerability); CVE-2009-5065 (feedparser Cross-site Scripting vulnerability); CVE-2011-1158 (feedparser Cross-site Scripting vulnerability) +7 more

Severity: High
Category: Supply Chain
Confidence: 89%
Finding: feedparser

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 96%
Finding: requests

VirusTotal

66/66 vendors flagged this skill as clean.
