AI News Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed news-digest skill that fetches public content, summarizes it with an AI provider, and posts to Discord, with user-facing risks around accidental posting and prompt-influenced summaries.

Install only if you want automated digests sent to your configured Discord webhook. Start with --dry-run or a test channel, use limited-scope API keys, avoid sensitive custom topics, and review important posts because external source text can influence the generated summary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly documents access to environment variables and multiple network endpoints, yet the metadata does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and any permission framework may not be able to accurately assess or restrict the skill before execution, despite it handling API keys and posting externally to Discord.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger description is broad enough to match ordinary requests for news, digests, trending topics, or YouTube updates on any subject. Overbroad activation can cause the skill to run unintentionally, leading to unplanned network calls, use of API-backed services, and posting content to Discord when the user did not specifically intend to invoke this skill.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill embeds untrusted titles, sources, and URLs from RSS, Twitter, Tavily, and YouTube directly into the LLM prompt, then posts the resulting model output to Discord. Malicious or crafted content can inject instructions into the model's context, causing misleading summaries, unwanted links, spammy content, or policy-bypassing text to be published downstream.

Ssd 1

Medium
Confidence
96% confidence
Finding
The model call uses only a single user-role prompt that mixes instructions with untrusted external content, which makes semantic prompt injection much easier. A malicious article title or tweet can compete with or override the intended summarization task, leading to untrusted content shaping the Discord post in ways the operator did not intend.

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Purpose | Condition |
|----------|---------|-----------|
| `https://api.openai.com/v1/chat/completions` | AI editorial summarisation | Only if `provider=openai` (default) |
| `https://api.deepseek.com/chat/completions` | AI editorial summarisation | Only if `provider=deepseek` |
| `https://api.anthropic.com/v1/messages` | AI editorial summarisation | Only if `provider=claude` |
| `https://discord.com/api/webhooks/...` | Post digest to Discord | Always (required) |
Confidence
88% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Purpose | Condition |
|----------|---------|-----------|
| `https://api.openai.com/v1/chat/completions` | AI editorial summarisation | Only if `provider=openai` (default) |
| `https://api.deepseek.com/chat/completions` | AI editorial summarisation | Only if `provider=deepseek` |
| `https://api.anthropic.com/v1/messages` | AI editorial summarisation | Only if `provider=claude` |
| `https://discord.com/api/webhooks/...` | Post digest to Discord | Always (required) |
| `https://techcrunch.com/.../feed/` | RSS news (AI topic) | Default AI topic only |
Confidence
86% confidence
Finding
https://api.deepseek.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Purpose | Condition |
|----------|---------|-----------|
| `https://api.openai.com/v1/chat/completions` | AI editorial summarisation | Only if `provider=openai` (default) |
| `https://api.deepseek.com/chat/completions` | AI editorial summarisation | Only if `provider=deepseek` |
| `https://api.anthropic.com/v1/messages` | AI editorial summarisation | Only if `provider=claude` |
| `https://discord.com/api/webhooks/...` | Post digest to Discord | Always (required) |
| `https://techcrunch.com/.../feed/` | RSS news (AI topic) | Default AI topic only |
| `https://www.theverge.com/rss/...` | RSS news (AI topic) | Default AI topic only |
Confidence
86% confidence
Finding
https://api.anthropic.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Purpose | Condition |
|----------|---------|-----------|
| `https://techcrunch.com/.../feed/` | RSS news (AI topic) | Default AI topic only |
| `https://www.theverge.com/rss/...` | RSS news (AI topic) | Default AI topic only |
| `https://www.nytimes.com/svc/collections/...` | RSS news (AI topic) | Default AI topic only |
| `https://api.tavily.com/search` | Custom topic news search | Only if `TAVILY_API_KEY` set |
| `https://api.twitterapi.io/twitter/tweet/advanced_search` | Twitter search | Only if `TWITTERAPI_IO_KEY` set |
| `https://www.googleapis.com/youtube/v3/...` | YouTube search | Only if `YOUTUBE_API_KEY` set |
Confidence
72% confidence
Finding
https://api.tavily.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Purpose | Condition |
|----------|---------|-----------|
| `https://www.theverge.com/rss/...` | RSS news (AI topic) | Default AI topic only |
| `https://www.nytimes.com/svc/collections/...` | RSS news (AI topic) | Default AI topic only |
| `https://api.tavily.com/search` | Custom topic news search | Only if `TAVILY_API_KEY` set |
| `https://api.twitterapi.io/twitter/tweet/advanced_search` | Twitter search | Only if `TWITTERAPI_IO_KEY` set |
| `https://www.googleapis.com/youtube/v3/...` | YouTube search | Only if `YOUTUBE_API_KEY` set |

Exactly one AI endpoint is contacted per run, determined by the active provider. The default provider is OpenAI (`OPENAI_API_KEY` required). Switch providers with `--provider deepseek` or `--provider claude`.
Confidence
74% confidence
Finding
https://api.twitterapi.io/

VirusTotal

60/60 vendors flagged this skill as clean.
