Web Change Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a user-directed webpage monitoring skill with expected local storage and page fetching, but users should understand its privacy and setup limitations.

Install only if you are comfortable with monitored URLs, timestamps, change details, and sometimes fetched HTML being stored locally in SQLite. Avoid private, authenticated, internal, or regulated pages unless that local retention is acceptable, and verify dependencies and notification behavior because the artifact documents Feishu push but only includes message-building code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 81%
Finding: The skill declares no permissions while its content references capabilities equivalent to environment access and shell/code execution via an external script. That creates a transparency and trust problem: users and reviewers cannot accurately assess what the skill may access or run, increasing the chance of unintended local data access or command execution if the implementation matches the documentation.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented behavior does not fully match the described purpose: it introduces local SQLite persistence, subscription-tier enforcement, and claims Feishu pushing without showing actual delivery logic. Behavior-description mismatches are dangerous because they prevent informed consent, can hide data retention or billing-related logic, and make users believe notifications are being sent when they may not be.

Vague Triggers

Medium
Confidence: 83%
Finding: The trigger phrases are broad enough to match many ordinary requests such as website monitoring, price tracking, or inventory alerts, which raises the risk of unintended invocation. Accidental activation can cause unsolicited web fetching, local storage of monitored content/history, and possible transmission of page metadata without the user intentionally opting into this skill.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill stores monitoring tasks and change history in a local SQLite database but does not clearly warn users up front. Undisclosed persistence is risky because monitored URLs, extracted content, and timing history may reveal sensitive interests, internal pages, or proprietary tracking targets, especially on shared or managed systems.

Missing User Warnings

Medium
Confidence: 78%
Finding: The skill says it pushes Feishu notifications but does not clearly warn that monitored page content or metadata may be included in outbound messages. This can expose sensitive URLs, content snippets, pricing intelligence, or internal monitoring targets to a third-party messaging platform without explicit user awareness.

Missing User Warnings

Medium
Confidence: 95%
Finding: The monitor fetches arbitrary user-supplied URLs and stores full page HTML in persistent SQLite fields (`last_content`) without any disclosure, minimization, or retention controls. This can capture sensitive data from authenticated or personalized pages and leave it stored locally long-term, increasing privacy and data-exposure risk if the host is shared or compromised.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding: The fetcher forces `Accept-Language: zh-CN,zh;q=0.9` for every request without user consent, which can change server responses, affect monitored content integrity, and leak a misleading locale preference to target sites. In a generic web-monitoring tool, silently overriding locale makes results less trustworthy and creates unnecessary privacy fingerprinting.

VirusTotal

No VirusTotal findings
