ClawHub

Morning Wakeup

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: check weather and play a matching preset on a user-named Sonos speaker.

Install only if you want the agent to control a Sonos speaker. Confirm the local sonos CLI is trusted, check the speaker name and volume, and remember that the configured city or coordinates are sent to Open-Meteo for weather lookup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes network-dependent behavior such as fetching weather from Open-Meteo and geocoding user-supplied locations, but no corresponding permissions are declared. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can make outbound requests, which weakens security review and consent controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared description understates the operational impact of the skill: beyond choosing a preset, it can geocode locations, set speaker volume, and trigger playback on a named Sonos device via an external CLI. That mismatch is dangerous because users may authorize or invoke the skill expecting passive recommendation behavior when it actually performs physical-device control and external network activity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user-supplied location data to third-party geocoding and weather services without any visible consent, notice, or privacy controls. Location can be sensitive personal data, and even though the destination APIs appear legitimate, transmitting it externally without disclosure creates a real privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal