ClawHub

bedtime-story-generator

Security checks across malware telemetry and agentic risk

Overview

This sleep-audio skill mostly matches its purpose, but it needs review because it can read local WeChat account-token context files and create an ongoing daily message sender.

Install only if you are comfortable with this skill downloading audio from DozyTale/OSS, sending messages through linked chat accounts, reading local OpenClaw WeChat account context files, and creating a daily scheduled sender. Before enabling nightly pushes, confirm the target account and time, and know how to list and remove the dozytale-nightly cron job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill advertises a chat-based sleep-audio experience but also creates a persistent cron job that sends proactive outbound messages. This materially expands behavior from on-demand assistance to recurring automation, which can surprise users and create consent, spam, and privacy risks if scheduled without clear up-front disclosure and explicit opt-in.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill reads local WeChat token context files to enumerate account identifiers and extract a user ID for message delivery. Accessing local credential/context data unrelated to the immediate user prompt is a sensitive capability escalation and can expose identifiers or misuse another account context without transparent user authorization.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The usage examples include very broad natural-language phrases like 'can't sleep' and 'help me relax' that can plausibly appear in ordinary conversation, increasing the chance the agent invokes this skill unintentionally. In a chat-driven system that auto-routes based on user text, this can cause misfires, unexpected outbound voice messages, and confusion or privacy issues if content is sent over connected messaging platforms without the user explicitly requesting this specific action.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill proposes recurring proactive outreach without clearly surfacing that behavior in the top-level description or documenting the ongoing automated nature of the messages. This weakens informed consent and can lead to unexpected repeated contact and retention/use of schedule-related personal preferences.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill silently reads local messaging account token files to extract a WeChat user ID, yet there is no explicit user-facing warning that local account data will be accessed. This is dangerous because it uses sensitive local state outside the immediate conversation flow and could target or expose identifiers the user did not knowingly provide.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill performs remote network fetches for manifests and audio assets without clearly warning users that content and metadata will be retrieved from external servers. While expected for media delivery, undisclosed outbound requests can expose usage patterns, IP/network metadata, and create trust issues around third-party content sources.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal