Web Search Ai News

Security checks across malware telemetry and agentic risk

Overview

This skill fetches AI news but also tells the agent to automatically send the results by email using a local mail configuration, which needs review before use.

Review before installing. Only use this skill if you intentionally want fetched AI news emailed through Himalaya SMTP; configure a dedicated low-privilege sender account, verify the recipient, and require explicit confirmation before any email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding: The skill is presented as a simple AI news retrieval tool, but it also documents automatic SMTP email transmission as a post-processing step. This creates a material behavior mismatch that can mislead users and cause fetched content or derived data to be forwarded externally without informed consent.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding: Automatic SMTP sending is not necessary for the stated purpose of searching and summarizing AI news, so it introduces an unnecessary exfiltration channel. Even if intended as convenience, coupling web fetch with outbound email increases the chance of unauthorized data disclosure and misuse of locally configured mail credentials.

Missing User Warnings

Medium
Confidence: 98%
Finding: The skill describes sending email via SMTP but does not warn the user that fetched content may be transmitted to an external recipient. This lack of transparency undermines informed consent and can expose browsing-derived content, summaries, or metadata through a channel the user may not expect.

Ssd 3

Medium
Confidence: 97%
Finding: The post-processing instruction explicitly forwards fetched content to an external recipient via email, creating a direct data disclosure path outside the skill's core search function. In the context of a news lookup skill, this makes the behavior more suspicious because the outbound transfer is unrelated to retrieval and could leak content or user-derived information through local mail configuration.

VirusTotal

64/64 vendors flagged this skill as clean.
