ClawHub

qqbot-daily-news-briefing

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible news-briefing automation tool, but users should review it because its delivery scripts can send reports to a hard-coded QQ recipient and its secret/outbound-delivery guidance is under-scoped.

Before installing, inspect both delivery scripts and replace the hard-coded QQ target with your intended recipient, then run manual test delivery before enabling cron. Prefer a dedicated, permission-restricted config file or secret manager for API keys rather than adding secrets to shell profiles, and verify any external baidu-search helper before letting it receive your Baidu API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation tells users to append API keys and target identifiers directly into shell startup files like ~/.bashrc without warning about credential exposure. Startup files are broadly readable to the user, often get copied into backups or dotfile repos, and may unintentionally expose secrets to subprocesses or other tooling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill is explicitly designed to deliver generated briefings to external messaging channels, but the documentation does not clearly warn users that news content, generated commentary, and destination identifiers will be transmitted off-host. In a multi-channel automation skill, lack of an outbound-data notice increases the chance of unintended disclosure or compliance issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide instructs users to export and persist an API key in common shell startup files and system-wide environment locations, but it does not warn about secret exposure through file permissions, shell history, process environments, backups, or multi-user systems. While storing secrets in environment variables is common, recommending persistent plaintext placement without secret-handling guidance increases the chance of credential leakage.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The configuration instructs users to enable automated delivery through external messaging channels but does not warn that generated content and attached files will be transmitted off-host, nor does it advise verifying the recipient/channel before sending. This can lead to accidental disclosure of sensitive briefings, wrong-recipient delivery, or unintended data sharing via third-party platforms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal