Daily Brief Digest

Security checks across malware telemetry and agentic risk

Overview

This daily briefing skill is not clearly malicious, but it needs review because it can read private email, calendar, and task data, keep permanent local copies, and send scheduled notifications without strong limits.

Install only if you are comfortable letting the skill use your configured email and calendar tools, save daily reports locally, and send summaries to your active messaging channel. Before enabling the cron job, use limited accounts or profiles where possible, confirm the notification destination, and periodically delete or protect ~/.openclaw/cron/DailyDigest_logs/ if those reports should not be retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared purpose is a simple daily brief, but the documented workflow also performs persistent local logging of sensitive content and broadens collection to tasks/contacts. That mismatch undermines informed consent and can cause users to expose or retain private email and calendar data without expecting it.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The workflow creates a permanent local log containing digest contents derived from emails and calendar events, then advertises that log location to the user. Persistent storage of potentially sensitive daily summaries increases exposure surface through local compromise, backup leakage, shared machines, or unintended long-term retention.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Querying tasks and contacts expands access beyond what is necessary for the stated function of summarizing emails, calendar events, and news. This violates data minimization and may surface unrelated personal or organizational information that the user did not intend to include in a daily brief.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script persists a full daily digest containing email subjects/senders, calendar events, tasks, and news into a predictable local markdown file under the user's home directory. This creates an unnecessary at-rest copy of potentially sensitive personal data without clear disclosure or retention controls, increasing exposure to local compromise, backup leakage, or accidental sharing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide states that the automated digest retrieves emails, calendar data, and news, then sends a summary to external messaging channels, but it does not warn users about the privacy implications or possible transmission of sensitive personal or work information. In the context of a scheduled unattended cron job, this is more dangerous because users may enable ongoing data collection and outbound messaging without realizing what information could be exposed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file write stores a rich personal digest to disk before any user-facing warning or consent, and the success message appears only after persistence has already occurred. Because the digest aggregates multiple sensitive data sources into one file, it can materially increase privacy risk and make exfiltration or local discovery easier.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs permanent logging of a digest composed of recent emails and calendar items to a predictable local path. Because those contents can include highly sensitive personal or business information, long-term plaintext retention materially raises confidentiality risk and makes the skill more dangerous in the context of a personal productivity assistant.

VirusTotal

66/66 vendors flagged this skill as clean.