news-agent-skills

Security checks across malware telemetry and agentic risk

Overview

This looks like a real news API helper, but it warrants review: it unconditionally attaches a development authorization bypass (a bearer credential) to requests sent to whatever API endpoint NEWS_API_BASE_URL points at, and its commands can trigger backend jobs.

Install only if you control or trust the target news backend. Keep NEWS_API_BASE_URL pointed at a trusted local or internal endpoint, never use the development bearer bypass against production, and treat the crawl, analyze and trend commands as backend-changing operations that may consume compute or paid LLM/API quota.
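The guard rails above can be enforced in code rather than left to the operator. The following is an added example written for this review, not the skill's own code: it derives the request settings from the environment the way the helper does, but refuses to send the bypass token to a host that is neither local nor explicitly allow-listed, refuses cleartext http to remote hosts, and requires confirmation before a state-changing command runs against a non-trusted backend. The page does not name the bypass token's variable or the exact command names; NEWS_API_DEV_TOKEN and the crawl/analyze/trend command set are assumptions.

```python
# Added example for the review notes above; this is not the skill's own code.
# Assumed names (not on the page): the development bypass is a bearer token
# read from NEWS_API_DEV_TOKEN, and the side-effecting commands are named
# crawl, analyze and trend.
import ipaddress
from urllib.parse import urlsplit

SIDE_EFFECT_COMMANDS = frozenset({"crawl", "analyze", "trend"})


def is_local_host(host: str) -> bool:
    """Loopback, private and link-local addresses and localhost names count as local."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name we cannot classify as local
    return ip.is_loopback or ip.is_private or ip.is_link_local


def build_request_settings(env: dict, allowed_hosts: frozenset = frozenset()) -> dict:
    """Turn the environment into a base URL plus headers, refusing unsafe combinations.

    The reviewed helper attaches the dev bypass unconditionally; here it is
    attached only when the host is local or explicitly allow-listed, and
    cleartext http is accepted only for local hosts.
    """
    base_url = env.get("NEWS_API_BASE_URL", "").strip().rstrip("/")
    parts = urlsplit(base_url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError("NEWS_API_BASE_URL must be an absolute http(s) URL")
    local = is_local_host(host)
    trusted = local or host in allowed_hosts
    if parts.scheme == "http" and not local:
        raise ValueError(f"cleartext http to non-local host {host} refused")
    headers = {"Accept": "application/json"}
    dev_token = env.get("NEWS_API_DEV_TOKEN")
    if dev_token:
        if not trusted:
            raise ValueError(f"refusing to send the development bypass to {host}")
        headers["Authorization"] = f"Bearer {dev_token}"
    return {"base_url": base_url, "headers": headers, "trusted": trusted}


def plan_command(command: str, settings: dict, confirm: bool = False) -> dict:
    """Gate crawl/analyze/trend: they change backend state and may spend quota."""
    side_effect = command in SIDE_EFFECT_COMMANDS
    if side_effect and not settings["trusted"] and not confirm:
        raise PermissionError(
            f"'{command}' changes state on {settings['base_url']}; re-run with confirm=True"
        )
    return {"command": command, "side_effect": side_effect}


if __name__ == "__main__":
    # Constructed sample environments, not real configuration.
    local_env = {"NEWS_API_BASE_URL": "http://127.0.0.1:8000/", "NEWS_API_DEV_TOKEN": "dev-only"}
    print(build_request_settings(local_env))
    prod_env = {"NEWS_API_BASE_URL": "https://news.example.com", "NEWS_API_DEV_TOKEN": "dev-only"}
    try:
        build_request_settings(prod_env)
    except ValueError as exc:
        print("blocked:", exc)
```

The allow-list exists because internal backends often sit behind a DNS name rather than a private IP; an operator who wants the bypass against such a host must say so explicitly instead of getting it by default.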

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'BASE_URL' from os.getenv (line 8, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
    if end_date:
        params["end_date"] = end_date

    resp = requests.get(f"{BASE_URL}/articles", headers=HEADERS, params=params, timeout=30)
    resp.raise_for_status()
    return resp.json()
Confidence
92% confidence
Finding
resp = requests.get(f"{BASE_URL}/articles", headers=HEADERS, params=params, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no explicit permissions, yet its documentation relies on environment variables and network access to interact with backend APIs. This is a capability transparency gap: users or orchestrators may invoke the skill believing it is low-privilege when it can in fact reach external or local services and read configuration, including credentials, from the environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes operational commands that trigger crawl, analyze and trend jobs without warning that they may initiate outbound requests, consume paid LLM/API resources, modify backend state, or generate load on external or internal systems. In an agent setting, undocumented side effects raise the risk of unsafe automation and of tasks being run accidentally against production services.

VirusTotal

64/64 vendors flagged this skill as clean.
