Kisa Guideline Hub Repo

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear automation purpose, but it repeatedly writes to Notion using locally stored credentials and depends on separate local code (the security-news module) that is not included for review.

Install it only if you intend to publish KISA/Boho guideline content into a specific Notion database. Before running it: use a least-privilege Notion integration token and share only that database with the integration; review the separate security-news-module code, which is not part of this skill; inspect the shared .env file for secrets the skill does not need; run the collection step on its own before publishing, where the tooling allows; and disable any LaunchAgent or cron schedule unless you want recurring, unattended writes to Notion.
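As an added example (not code from the skill, its author, or SkillSpector), the following shell audit covers two of the checks above before anything is installed: it lists variables in the skill's .env that the skill does not need, and it finds LaunchAgent plists or crontab lines that would rerun publication unattended. It assumes the .env lives in the skill's own directory, that the only variables the skill needs are NOTION_API_KEY and NOTION_DATABASE_ID (the page names NOTION_API_KEY; the database-ID variable name is an assumption), and it reuses the LaunchAgent label com.openclaw.security-news quoted in the Session Persistence finding. The demonstration runs on constructed files in a temporary directory, not on your real home directory.

```shell
#!/usr/bin/env bash
# Added pre-install audit for the checks in the Overview. Not part of the
# skill; the .env location, the expected variable names and the LaunchAgent
# label are assumptions (see the lead-in), not facts taken from the skill.
set -u

# Variables the skill legitimately needs (assumed; adjust to the real .env).
EXPECTED_VARS="NOTION_API_KEY NOTION_DATABASE_ID"

# Print every variable defined in a .env file that is not in EXPECTED_VARS.
# Anything listed is a secret the skill could read but should not need.
unexpected_env_keys() {
  envfile="$1"
  [ -r "$envfile" ] || return 0
  # Keep assignment lines only (optionally prefixed with "export"),
  # drop comments and blanks, and reduce each line to the variable name.
  grep -E '^[[:space:]]*(export[[:space:]]+)?[A-Za-z_][A-Za-z0-9_]*=' "$envfile" \
    | sed -E 's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=.*/\2/' \
    | while IFS= read -r key; do
        found=0
        for expected in $EXPECTED_VARS; do
          if [ "$key" = "$expected" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$key"; fi
      done
}

# List recurring schedules that would republish to Notion unattended:
# LaunchAgent plists in the given directory that mention the label, plus any
# crontab line mentioning it. Prints one plist path or cron line per match.
find_schedules() {
  agents_dir="$1"
  label="$2"
  if [ -d "$agents_dir" ]; then
    grep -l -- "$label" "$agents_dir"/*.plist 2>/dev/null || true
  fi
  if command -v crontab >/dev/null 2>&1; then
    crontab -l 2>/dev/null | grep -- "$label" || true
  fi
}

# Demonstration on constructed input: a temp dir stands in for the skill
# directory and for ~/Library/LaunchAgents. Nothing is read from the real home.
demo() {
  work=$(mktemp -d)
  printf '%s\n' \
    'NOTION_API_KEY=secret_example' \
    'NOTION_DATABASE_ID=0123456789abcdef' \
    '# shared with another tool:' \
    'AWS_SECRET_ACCESS_KEY=example' \
    'export GITHUB_TOKEN=example' > "$work/.env"
  mkdir -p "$work/LaunchAgents"
  printf '<plist version="1.0"><dict><key>Label</key><string>%s</string></dict></plist>\n' \
    "com.openclaw.security-news" > "$work/LaunchAgents/com.openclaw.security-news.plist"

  echo "Unrelated secrets in .env (remove them or split the file before installing):"
  unexpected_env_keys "$work/.env"
  echo "Recurring schedules found (disable unless unattended publishing is wanted):"
  find_schedules "$work/LaunchAgents" "com.openclaw.security-news" | while IFS= read -r hit; do
    echo "  $hit"
    case "$hit" in
      *.plist) echo "    to disable: launchctl bootout gui/\$(id -u) $hit" ;;
      *)       echo "    to disable: remove this line with crontab -e" ;;
    esac
  done
  rm -rf "$work"
}

demo
```

Point the two functions at the real skill directory and ~/Library/LaunchAgents to audit an actual install; the script only reads and prints, so disabling a schedule or trimming the .env remains a deliberate manual step.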

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill documents its use of environment variables such as NOTION_API_KEY and database IDs, but the skill metadata neither declares corresponding permissions nor clearly signals that it reads secrets from the environment. This is both a transparency and a least-privilege problem: users and platforms may not realize the skill can read sensitive configuration and use it to act against an external service.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill clearly performs automated collection and uploads both guideline content and downloaded PDFs to Notion, but its description does not prominently warn that this data is transmitted to an external workspace. This can lead to unintentional data exfiltration or compliance issues if users assume the workflow is local-only or do not understand where the collected files are sent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The examples provide copy-pastable commands that perform collection and publication to Notion, including a scheduled automation path, but do not warn that these actions modify an external system. In an agent-skill context this increases the risk of unintended external writes, especially if a user or downstream agent treats the examples as safe operational guidance rather than as documentation.

Session Persistence

Medium
Category: Rogue Agent
Content:
```bash
# Already configured in LaunchAgent
# com.openclaw.security-news.plist
# Runs every hour automatically
```
Confidence: 82%
Finding
plist

VirusTotal

64/64 vendors flagged this skill as clean. This is a file-content scan for known malware signatures; it does not assess the behavioral findings above (external writes, environment-variable access, scheduled persistence), which a clean result leaves unaddressed.