Kisa Guideline Hub

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its advertised Notion publishing job, but it depends on unreviewed sibling code and ambient workspace secrets while encouraging automatic runs.

Install only if you trust and have reviewed the referenced security-news-feed module as well as this skill. Use a least-privilege Notion integration limited to the intended database, avoid automatic LaunchAgent or cron runs until manual testing is complete, and do not expose .env contents in logs or support screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs use of environment-stored secrets such as NOTION_API_KEY and database IDs, but the skill declares no permissions or trust boundary for accessing environment variables. This creates an implicit secret-access capability that can expose credentials to any invoked code path and makes review and consent harder for operators.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script deliberately modifies sys.path and changes the working directory so it can import and execute code from a different skill repository. That creates an unexpected trust boundary crossing: running this skill also runs whatever code is present in the sibling 'security-news-feed' tree, which could be replaced, tampered with, or behave differently than this skill's advertised purpose suggests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation describes automatic PDF download plus upload to Notion without an explicit warning about external data transfer, retention, or the effects of unattended execution. Even if the data source is expected, users may not realize files and metadata are being moved across systems automatically, increasing the chance of unreviewed publication, policy violations, or accidental dissemination.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends collected guideline content, metadata, URLs, and attached files to Notion over the network with no confirmation prompt or explicit disclosure at the point of execution. In an agent/skill context, silent external transmission is security-relevant because users may not realize scraped content and local file references are being published to a third-party service.

VirusTotal

64/64 vendors flagged this skill as clean.
