unified-digest

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage subscriptions, but its automatic startup prompts and persistent preference storage need user review before installation.

Review this skill before installing. Only use it if you are comfortable with a startup subscription prompt, local retention of your topic and locale preferences, and downstream reuse of those defaults. Prefer a version that asks in your language, explains where state is stored before writing it, and provides clear inspect, opt-out, and delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly persists subscription choices and defaults to local files under the user's home directory, but the interaction flow does not instruct the agent to disclose that preferences will be stored. This creates a privacy and consent problem: users may reveal interests, language, timezone, and delivery preferences without understanding they are being retained across sessions and shared with downstream skills.

Natural-Language Policy Violations

High
Confidence: 95%
Finding
The startup flow hardcodes a Chinese prompt and the host integration example passes `--lang zh`, while the shared-defaults example sets language to `zh` and timezone to `Asia/Shanghai` before the user has opted into those settings. This can misrepresent user intent, bias onboarding, and store incorrect locale preferences that affect later behavior in downstream skills.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The wrapper command hard-codes `--lang zh`, causing the startup subscription prompt to be delivered in Chinese regardless of the user's locale or prior preference. This can mislead or pressure users into consenting to a subscription flow they do not fully understand, undermining informed consent and degrading the safety of the onboarding interaction.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The template hard-codes `--lang zh` in a pre-reply hook before any user interaction, causing the agent to proactively present subscription prompts in Chinese regardless of the user's actual locale or preference. In a session-start flow, this can create misleading or inaccessible consent UX, increasing the chance of uninformed opt-in or user confusion, especially because the hook runs automatically before normal routing.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The answer-routing logic only recognizes Chinese response tokens (`AI`, `医药`, `都要`, `暂不`, `不再提示`) with no documented fallback for other languages or free-form replies. Because this flow intercepts the user's first response after an injected prompt, restricting accepted answers can cause misrouting, failure to honor declines, or accidental enrollment-like behavior when users respond in another language or with natural language.

VirusTotal

64/64 vendors flagged this skill as clean.