ClawHub

Book Of The Day

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed daily book recommendation skill with an expected external API fetch and optional scheduled posts, with no evidence of hidden or destructive behavior.

Install only if you are comfortable with the skill contacting the configured book API when invoked. Run the cron command only if you want automatic daily posts to Telegram or Slack, and inspect any separate one-click private-API installer before executing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly tells users to directly copy and execute a publisher-provided 'one-click install command' that can automatically install the skill and write configuration, without any verification, origin validation, or warning about command review. This creates a supply-chain and social-engineering risk: a malicious or compromised publisher could provide a command that performs unintended actions on the user's system.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest includes several broad natural-language trigger phrases such as "book of the day" and "today's book" that can plausibly appear in ordinary conversation, increasing the chance the skill activates when the user did not explicitly intend to invoke it. Because the skill performs a fresh external fetch on each invocation, accidental triggering can also cause unintended outbound requests and unexpected behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to perform a network request to an external service on every invocation but does not clearly disclose that user interaction metadata may be sent off-platform. Even if the request only includes a date today, the invocation itself can still leak timing, IP/server-side metadata, and usage patterns to a third party without meaningful user notice.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal