
Security audit

The Short News

Security checks across malware telemetry and agentic risk

Overview

This is a read-only paid news API skill, with one under-documented billing-balance instruction that users should treat cautiously.

Install only if you are comfortable giving the agent a scoped theshort.ai API key and allowing credit-consuming news lookups. Use a limited, revocable key, monitor credit usage, and do not let the agent call the undocumented billing endpoint unless the provider documents its authorization and returned data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The skill is documented as a news-retrieval integration, but the workflow instructs the agent to call an undeclared billing endpoint outside the stated skill scope. This creates scope creep and may cause an agent to access account or wallet information that the user did not request or expect, increasing the risk of unintended exposure of billing metadata.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The manifest and top-level description present the skill as a news intelligence tool, but the instructions expand behavior into account billing and wallet inspection. This mismatch can mislead integrators and agents about the real capability surface, which is dangerous because hidden or undocumented privilege expansion often leads to overbroad access and disclosure of sensitive account data.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:39