Sovereign Daily Digest

Security checks across malware telemetry and agentic risk

Overview

This daily digest skill has a useful purpose, but it can collect personal local data, contact third-party services, print/save the results, and set up recurring execution without enough scoping or confirmation.

Install only if you are comfortable with it reading local task/calendar files and GitHub issue context, writing digest archives under ~/.openclaw, and contacting third-party services for weather, quotes, and feeds. Review the config before first run, disable sources you do not want summarized, avoid email sending unless you explicitly review the recipient and content, and do not enable cron or other scheduled execution until you inspect the exact command and know how to remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill expands beyond digest generation into scheduling persistent jobs and sending the digest by email, which introduces system-modification and data-exfiltration behaviors not inherent to the core purpose. These extra capabilities increase attack surface and can surprise users if invoked without strong consent and safety checks.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The privacy statement claims all fetched data stays local, but the skill instructs outbound requests to third-party services such as wttr.in, zenquotes.io, RSS feeds, and potentially GitHub or IMAP servers. This mismatch can mislead users about where their data and metadata are sent, undermining informed consent and privacy expectations.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The scheduling example, "Schedule my digest for 6:30 AM every weekday," is an action-oriented natural-language trigger that could be interpreted by an agent as authorization to create persistent scheduled tasks. Because the README also documents cron/launchd/Task Scheduler setup, this broad phrasing increases the chance of unintended system changes if the platform auto-executes such requests without explicit confirmation.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The README advertises scheduling and automatic cleanup early in the document without prominently warning that these features can create persistent system configuration changes and delete archived output over time. In an agent skill context, under-disclosure of persistence and cleanup behavior can mislead users or downstream tooling about the operational impact of enabling the skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Broad trigger phrases like 'daily report' or 'summarize my day' can overlap with ordinary conversation and cause the skill to activate unintentionally. Because this skill reads local files, contacts network services, and may create files, accidental activation can lead to unintended data access or side effects.

Vague Triggers

Low
Confidence
86% confidence
Finding
The sample invocations reinforce ambiguous trigger language without clarifying when the skill should or should not activate. This increases the likelihood of accidental execution, especially in assistants that rely on fuzzy matching or natural-language routing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The scheduling flow modifies crontab or creates scheduled tasks, which are persistent system changes, but the instructions do not require a strong warning or confirmation explaining the lasting impact. Persistent execution can continue accessing files and network resources long after the original interaction, making accidental or misunderstood consent especially risky.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to 'send this to [email]' enables external transmission of potentially sensitive digest contents without any explicit privacy warning or confirmation step. Since the digest may include calendar events, tasks, news preferences, and email summaries, sending it externally can disclose personal or organizational information.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script makes several outbound requests to third-party services, including connectivity checks and later weather/news/quote fetches, without explicit user consent or a clear warning about what data is being sent. Even though the initial probe at this location does not itself include rich personal data, the overall skill sends user-derived context such as location and potentially reveals usage patterns and IP-based metadata to external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script reads local personal data sources such as ~/todo.txt, ~/tasks.md, calendar files, and GitHub issues, then compiles them into output files under a persistent directory without an upfront privacy warning. This can expose sensitive personal and work information if the digest is later shared, synced, or accessed by other local users or processes.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are generic productivity terms such as 'daily digest', 'morning briefing', and 'summarize my day', which are likely to overlap with ordinary user requests. This can cause unintended skill invocation, leading the agent to run the skill and access or aggregate user data sources when the user may have only intended a general summarization request.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Edit crontab
crontab -e

# Add this line for 7:00 AM every day
0 7 * * * cd ~/.openclaw/skills/daily-digest && bash scripts/digest.sh --format both
```
Confidence
91% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
### macOS (launchd)

Create `~/Library/LaunchAgents/com.openclaw.daily-digest.plist` with the appropriate schedule.

### Windows (Task Scheduler)
Confidence
88% confidence
Finding
plist

VirusTotal

65/65 vendors flagged this skill as clean.
