ClawHub

RSS Daily Digest

Security checks across malware telemetry and agentic risk

Overview

This skill performs a coherent RSS-to-Markdown digest workflow, with ordinary caution needed around local output files and an unpinned Python dependency.

Install only if you are comfortable with the skill fetching the listed RSS feeds, installing `feedparser` if needed, saving digests in your home directory, and creating a temporary JSON file at `/tmp/openclaw-rss-articles.json`. Avoid using it unchanged on shared or multi-user systems unless the temporary file handling is made unique or user-scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The script documentation states that output is emitted to stdout for downstream consumption, but the implementation also writes the full fetched article set to a fixed path in `/tmp`. This creates an undocumented persistence side effect that can leak feed contents, create cross-process data exposure on shared systems, and mislead callers that expect no filesystem writes.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The inline comment claims stdout output for agent consumption, but the code also performs an undocumented write to `/tmp/openclaw-rss-articles.json`. In an agent skill, hidden side effects are risky because other local users or processes may read or overwrite the predictable file, and operators may not realize data is being retained beyond process lifetime.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill writes output into ~/openclaw-output/digests/ without prominently warning users in the description or obtaining explicit consent at invocation time. Silent writes to the home directory create persistence and privacy risks, especially in a skill that may be triggered by casual language and may run regularly or process potentially sensitive feed configurations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Writing fetched feed data to a fixed filename under `/tmp` is a real security weakness because `/tmp` is typically shared and the path is predictable. This can expose the digest contents to other local users, enable tampering or symlink-based attacks in some environments, and cause one run to overwrite another run's data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal