tech-news-brief

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates tech-news collection, local report generation, DOCX conversion, ZIP packaging, and email delivery; the reviewed artifacts show no evidence of hidden exfiltration or other malicious behavior.

Install only if you want an agent to gather recent technology news, create local MD/DOCX reports, zip them, and email them to SMTP_TO. If you do install it: use app-specific SMTP credentials rather than your primary mailbox password; avoid passing passwords on the command line, where they land in process listings and shell history; keep any .env file private; confirm the recipient and the ZIP contents before each send; and adjust the writing guide if you need neutral reporting instead of a China-strategy brief.
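The pre-send checks above (and the consent checkpoint the scanner findings below say is missing) can be made concrete as a gate the skill runs before it ever touches SMTP credentials. The following is an added example, not code from the tech-news-brief skill or its author. It assumes the skill reads its mail settings from environment variables named SMTP_HOST, SMTP_PORT, SMTP_USER and SMTP_PASS (only SMTP_TO is named on this page; the other names are assumptions), lists the archive members, rejects any member that is not an .md or .docx report, rejects recipients outside an operator allowlist, refuses to proceed if the password value appears in the process arguments, and sends only after a passing preflight plus an explicit confirmation. The sample ZIP contents are constructed for the demo.

```python
"""Pre-send gate for an agent skill that emails a ZIP of generated reports.

Added example, not the skill's own code. Variable names SMTP_HOST, SMTP_PORT,
SMTP_USER and SMTP_PASS are assumptions; SMTP_TO is the one named on the page.
"""
import os
import smtplib
import sys
import tempfile
import zipfile
from dataclasses import dataclass, field
from email.message import EmailMessage

# Only these file types belong in a news-brief archive; anything else (an
# .env file, a stray credential dump, a path-traversal name) stops the send.
ALLOWED_SUFFIXES = {".md", ".docx"}


@dataclass
class Preflight:
    ok: bool
    reasons: list = field(default_factory=list)
    members: list = field(default_factory=list)


def password_on_command_line(argv, env):
    """True if the SMTP password value appears verbatim in argv, where `ps`
    and shell history would expose it. Empty/unset password never matches."""
    pw = env.get("SMTP_PASS", "")
    return bool(pw) and any(pw in arg for arg in argv)


def recipient_allowed(recipient, allowlist):
    """Exact, case-insensitive match against an operator-controlled allowlist;
    no substring or domain matching, so 'ceo@corp.example.evil' cannot pass."""
    return recipient.strip().lower() in {a.strip().lower() for a in allowlist}


def _unexpected(name):
    """A member is unexpected if its type is not a report or its name escapes."""
    ext = os.path.splitext(name)[1].lower()          # ".env" has no extension
    parts = name.replace("\\", "/").split("/")
    return ext not in ALLOWED_SUFFIXES or name.startswith(("/", "\\")) or ".." in parts


def inspect_zip(path):
    """Return (all member names, members that should not be emailed)."""
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
    return names, [n for n in names if _unexpected(n)]


def preflight(zip_path, recipient, allowlist, argv, env):
    """Run every check and return the verdict; nothing is transmitted here."""
    reasons = []
    if password_on_command_line(argv, env):
        reasons.append("SMTP password passed on the command line")
    if not recipient_allowed(recipient, allowlist):
        reasons.append(f"recipient {recipient!r} is not on the allowlist")
    members, unexpected = inspect_zip(zip_path)
    if not members:
        reasons.append("archive is empty")
    reasons.extend(f"unexpected archive member {n!r}" for n in unexpected)
    return Preflight(ok=not reasons, reasons=reasons, members=members)


def build_message(zip_path, sender, recipient, subject):
    """Assemble the email; kept separate so sending is a distinct, gated call."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content("Attached: tech news brief.")
    with open(zip_path, "rb") as fh:
        msg.add_attachment(fh.read(), maintype="application", subtype="zip",
                           filename=os.path.basename(zip_path))
    return msg


def send_if_confirmed(result, msg, env, confirmed):
    """Transmit only after a passing preflight AND an explicit operator yes."""
    if not result.ok or not confirmed:
        return False
    with smtplib.SMTP_SSL(env["SMTP_HOST"], int(env.get("SMTP_PORT", "465"))) as s:
        s.login(env["SMTP_USER"], env["SMTP_PASS"])
        s.send_message(msg)
    return True


def make_sample_zip(member_names):
    """Constructed sample input: a temporary ZIP with the given member names."""
    fd, path = tempfile.mkstemp(suffix=".zip")
    os.close(fd)
    with zipfile.ZipFile(path, "w") as zf:
        for n in member_names:
            zf.writestr(n, "sample content")
    return path


if __name__ == "__main__":
    env = {"SMTP_TO": "analyst@example.invalid", "SMTP_PASS": "app-specific-secret"}
    good = make_sample_zip(["brief.md", "brief.docx"])
    leaky = make_sample_zip(["brief.md", ".env"])
    for z in (good, leaky):
        r = preflight(z, env["SMTP_TO"], [env["SMTP_TO"]], sys.argv, env)
        print(os.path.basename(z), "OK" if r.ok else "BLOCKED", r.reasons)
```

Running the module builds two constructed archives, one clean and one containing a .env file, and prints the verdict for each without sending anything; the SMTP call in send_if_confirmed runs only when the preflight passed and the operator's confirmation is True, so an overbroad trigger phrase can at most produce a blocked attempt rather than an unreviewed transmission.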

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence (Medium severity, 91% confidence)

The guide mixes a requirement for objective, neutral summarization with a mandatory China-oriented evaluative frame, creating conflicting instructions that can systematically bias outputs while appearing objective. In an agent skill, this is dangerous because it can silently steer analysis toward a predetermined national or organizational perspective without explicit user consent.

Intent-Code Divergence (Medium severity, 89% confidence)

The document forbids the agent from adding its own political or value judgments, but later requires preserving 'our side's position,' which introduces an undisclosed viewpoint into supposedly neutral summaries. This contradiction can cause the agent to embed institutional bias while masking it as objective reporting.

Vague Triggers (Medium severity, 89% confidence)

The README advertises very broad natural-language trigger phrases, such as asking generally about recent AI news, which can cause the agent to launch a multi-step workflow without clearly confirming intent. In this skill, activation leads to web fetching, local file generation, ZIP packaging, and email sending, so an ambiguous request could trigger external actions the user did not explicitly authorize.

Missing User Warnings (Medium severity, 93% confidence)

The README describes an end-to-end automated workflow that writes report files locally and transmits a ZIP archive via email, but it does not prominently warn users about these side effects or require explicit approval. This is dangerous because users may invoke the skill expecting summarization only, while the agent performs filesystem writes and external data transmission using configured credentials.

Vague Triggers (Medium severity, 87% confidence)

The trigger phrases are broad enough to match ordinary requests for tech news, which can cause the skill to activate unexpectedly and begin a workflow that includes scraping, file generation, and email delivery. Because this skill performs external actions beyond simple answering, overbroad activation increases the risk of surprise execution and unintended data transmission.

Missing User Warnings (Medium severity, 91% confidence)

The skill description promises end-to-end completion through email delivery in a single conversation, but does not prominently warn the user that generated content will be sent externally. This undermines informed consent and can lead users to trigger exfiltration-like behavior without realizing the workflow includes transmission to an email recipient.

Missing User Warnings (Medium severity, 93% confidence)

The skill explicitly depends on SMTP credentials and automated email delivery, yet the workflow does not present a prominent consent checkpoint before using those secrets to transmit generated content. A user may believe they are only requesting summarization, while the skill is equipped to use sensitive environment variables to send data off-platform.

Natural-Language Policy Violations (Medium severity, 94% confidence)

Mandating a China-first perspective for China-related technology news imposes a locale-specific analytic lens by default, regardless of user intent or context. That can bias outputs, reduce model neutrality, and create covert steering in downstream summaries or intelligence products.

Natural-Language Policy Violations (Medium severity, 93% confidence)

Requiring all China-related news to include impact on China's industry or strategic environment forces a predetermined framing that may be irrelevant to the source material or user request. In a writing skill, this increases the risk of slanted summaries and pressure to infer strategic meaning beyond the evidence presented.

Natural-Language Policy Violations (Medium severity, 95% confidence)

Directing the agent to preserve 'our position' during enforced shortening prioritizes ideological or organizational stance over factual completeness and neutrality. This is particularly risky in a summarization skill because truncation pressure can amplify selective omission and produce systematically biased outputs.

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.
