Creator Alpha Feed

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI-content collection and briefing workflow, but users should review sharing destinations and automation settings before use.

Before installing, verify the Feishu chat ID, Obsidian vault path, and whether you plan to run it from cron. Use a dedicated browser session for X/Twitter if possible, avoid collecting private pages or notifications, and review generated reports before enabling group posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs use of bundled shell scripts (`scripts/collect-v4.sh`) and operational automation, but no explicit permissions boundary is declared. That creates an execution-capability mismatch where a user may invoke a skill that can run local commands, read files, and potentially touch external systems without clear consent or scoping. In this context, the risk is elevated because the skill also reads config from local paths and writes reports to user-controlled destinations.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script logs and summarizes that Feishu delivery was completed even though no send operation is actually performed. This can mislead operators into believing notifications succeeded, causing missed reports, failed monitoring, and delayed response to pipeline issues. In this creator-publishing automation context, false success reporting is more dangerous because the skill is explicitly intended for unattended scheduled brief delivery.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The script presents an 'AI analysis' phase but, when no analysis exists, it silently creates a placeholder report that looks like a real generated deliverable. This can lead downstream users or automations to consume incomplete or fabricated output as if analysis succeeded, undermining trust and potentially driving bad editorial or operational decisions. Given this skill's purpose of automated daily ranking and publishing support, silent fallback behavior increases risk because fake success can propagate into scheduled workflows.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The description uses broad triggers like AI topic scouting, KOL tracking, industry updates, and briefing pushes, which can match many ordinary user requests and cause over-invocation. Over-broad routing becomes dangerous when paired with shell execution, browser automation, local file access, and outbound publishing because the skill may activate in situations where the user did not intend those side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to push results to a group channel and write full reports into an Obsidian vault, but provides no safety warning, confirmation step, or data-handling guardrails. This can leak scraped content, tracked-account data, config-derived paths, or other sensitive context into persistent storage or external channels, especially since the workflow also reads local configuration and may collect from logged-in sources.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template instructs automatic file writes to fixed workspace/Obsidian locations and automatic Feishu group posting without any user confirmation, dry-run mode, or visibility control. In a scheduled/cron context, this can cause unintended disclosure of collected content, internal notes, or operational metadata to group chats and local knowledge bases, especially if environment variables point to production destinations.
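The three behaviours the findings above describe (logging a Feishu delivery that never happened, writing a placeholder when analysis output is missing, and posting to a group with no confirmation or dry-run) are easiest to see side by side in a small delivery step. The script below is an added example written for this page; it is not code from the Creator Alpha Feed skill or its `scripts/collect-v4.sh`. The `DELIVER` and `FEISHU_WEBHOOK` environment variables, the function names, the injected "sender" used to run it offline, and the check for `"code":0` in the webhook reply are assumptions (the last follows the public Feishu custom-bot webhook, which answers with `code` 0 on success; verify against your tenant).

```shell
#!/usr/bin/env bash
# Added example (not the skill's own code). Hardened delivery step:
#  1. never turns a missing analysis into a fake report (fail loudly instead),
#  2. defaults to dry-run; posts only when DELIVER=1 (assumed variable),
#  3. counts delivery as done only when the webhook reply confirms it.
set -u

# Returns 0 only if the analysis file exists and is non-empty.
# A placeholder report is never written; the caller sees a hard failure.
require_analysis() {
  report="$1"
  if [ ! -s "$report" ]; then
    echo "ERROR: analysis output missing or empty: $report" >&2
    return 2
  fi
  return 0
}

# Sends one text message through the transport named in $1 and checks the
# reply. Feishu custom-bot webhooks return "code":0 on success (assumption;
# a real deployment should parse the JSON with jq rather than pattern-match).
feishu_send() {
  sender="$1"; text="$2"
  reply=$("$sender" "$text") || return 1
  case "$reply" in
    *'"code":0'*) return 0 ;;
    *) echo "ERROR: Feishu rejected message: $reply" >&2; return 1 ;;
  esac
}

# Real transport: POST to the webhook. Only reached when DELIVER=1.
# FEISHU_WEBHOOK is an assumed variable holding the bot webhook URL.
curl_sender() {
  payload=$(printf '{"msg_type":"text","content":{"text":"%s"}}' "$1")
  curl -sS -X POST -H 'Content-Type: application/json' \
       --data "$payload" "${FEISHU_WEBHOOK:?FEISHU_WEBHOOK not set}"
}

# deliver_report <report path> [sender command]
# Prints exactly one of DRY-RUN / SENT / FAILED so cron logs are honest.
deliver_report() {
  report="$1"; sender="${2:-curl_sender}"
  require_analysis "$report" || { echo "FAILED: no analysis"; return 2; }
  summary=$(head -c 200 "$report")
  if [ "${DELIVER:-0}" != "1" ]; then
    echo "DRY-RUN: would post ${#summary} chars to Feishu; set DELIVER=1 to send"
    return 0
  fi
  if feishu_send "$sender" "$summary"; then
    echo "SENT"
    return 0
  fi
  echo "FAILED: delivery not confirmed"
  return 1
}

# Stand-alone usage: ./deliver.sh reports/today.md   (dry-run unless DELIVER=1)
if [ "$#" -gt 0 ]; then
  deliver_report "$@"
fi
```

The transport is passed in by name so the logic can be exercised with a stub; in production the default `curl_sender` is used, and the exit status (0, 1 or 2) is what a cron wrapper or monitor should alert on, not the presence of a log line.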

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script prepares extracted titles, URLs, authors, and source metadata specifically for submission to an external AI workflow and even prints example commands to send the task file to OpenClaw. While the data appears to be public content metadata rather than secrets, users are not clearly warned that collected material will be packaged for third-party processing, creating a transparency and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
