Kpop Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent K-pop update tracker with scoped local state and optional scheduled checks, not a hidden or destructive skill.

Install only if you are comfortable with the skill browsing public K-pop, social, fan, and store sources, and keeping a local list of followed artists plus reported links in your workspace. If you enable automatic updates, review the cron jobs and remove them when you no longer want twice-daily reports. Verify ticket, merch, signed-album, and price information on official sites before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly instructs creation and maintenance of `config.json` and `check_history.json`, which means it performs persistent file writes despite declaring `primaryEnv: none` and not disclosing file permissions in metadata. Hidden stateful behavior increases risk because users and the platform may treat the skill as a read-only lookup tool while it actually modifies workspace data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The manifest presents the skill as an idol-update tracker, but the instructions also create local directories/files, maintain user tracking state, and parse/store structured metadata for artists and members. This mismatch is security-relevant because users may invoke the skill expecting transient search only, while it persists profile-like data and changes local state behind the scenes.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill includes instructions to install persistent cron jobs that proactively run twice daily and report via webchat. Scheduled autonomous actions expand the attack surface beyond a normal user-initiated lookup and can generate ongoing activity, data collection, and notifications after the original interaction ends.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The skill stores and updates local tracking state in `config.json` and `check_history.json`, but that persistence is not surfaced in the top-level description. While not inherently malicious, undisclosed state can surprise users, retain more data than expected, and create privacy or integrity issues if the workspace is shared.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Broad triggers such as `solo` and `idol updates` are generic enough to match ordinary conversation, increasing the chance of unintended skill activation. In this skill, accidental activation is more concerning because the skill can write files and potentially establish persistent scheduled tasks, not merely answer a one-off query.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The instructions tell the agent to create and modify persistent config/history files if they do not exist, but there is no prominent upfront warning that local workspace data will be written. Undisclosed persistence can violate user expectations, especially in shared or sensitive workspaces, and makes unintended activation more harmful.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The cron-job setup creates persistent scheduled behavior and outbound reporting via webchat, but the skill does not provide an upfront warning about these lasting side effects. Users may not realize the skill can continue running after the session, producing repeated network activity and notifications.

VirusTotal

65/65 vendors flagged this skill as clean.
