Security audit

Daily News Hardened

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it runs a small Python script to fetch public news trends, with no evidence of hidden data access, persistence, or destructive behavior.

Install and run this in a virtual environment or container, preferably with pinned dependency versions. Expect outbound requests to Baidu and Google Trends, and do not rely on the printed Beijing-time label unless the runtime timezone is confirmed or the script is fixed to use Asia/Shanghai time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill invokes a Python script that fetches news from Baidu, Google, and other external sources, which implies network access, but the manifest does not explicitly declare that capability. Undeclared network behavior weakens permission transparency and reviewability, making it easier for a skill to access external services unexpectedly or expand its behavior without clear user awareness.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: The code explicitly notes that server time may not be Beijing time, yet the returned string still claims '现在是北京时间 ...' (Chinese for "It is now Beijing time ..."). This creates a trust/integrity issue where users may make decisions based on a false timezone assertion, especially for a time-sensitive daily-news skill.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: beautifulsoup4, requests, feedparser
Confidence: 94%
Finding: beautifulsoup4

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: beautifulsoup4, requests, feedparser
Confidence: 98%
Finding: requests

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: beautifulsoup4, requests, feedparser
Confidence: 97%
Finding: feedparser

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 91%
Finding: requests

Known Vulnerable Dependency: feedparser — 10 advisory(ies): CVE-2011-1157 (feedparser Cross-site Scripting vulnerability); CVE-2009-5065 (feedparser Cross-site Scripting vulnerability); CVE-2011-1158 (feedparser Cross-site Scripting vulnerability) +7 more

Severity: High
Category: Supply Chain
Confidence: 90%
Finding: feedparser

VirusTotal

65/65 vendors flagged this skill as clean.