ClawHub

Creator Intel V5

Security checks across malware telemetry and agentic risk

Overview

This is a coherent tech-news aggregator, but it ships with and uses a hardcoded Tavily API key and has mismatched run instructions that users should review before installing.

Review before installing. Ask the publisher to remove and rotate the embedded Tavily key, load credentials from user-controlled configuration, correct the script name in the run and cron instructions, and either enforce or accurately document history retention. Do not enable the Feishu cron job until you have verified the exact command and know how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents code execution that reads and writes local files and performs network requests, but it does not declare any permissions or capability boundaries. This creates a trust gap: operators may approve or invoke the skill believing it is metadata-only content generation, while it can access persistent local state and exfiltrate data over the network.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared purpose presents the skill as a technical-intel aggregator, but the documented behavior also includes persistent local history storage and external API use with a configured key. Undisclosed persistence and third-party transmission materially change the privacy and security profile, especially if queried content, URLs, or user-derived prompts are retained across runs or sent to external services.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script contains a hard-coded Tavily API key directly in source code, which is a real secret-exposure issue. Any user with access to the skill can extract and abuse the credential for unauthorized API usage, cost incurrence, quota exhaustion, or account compromise of the associated Tavily project.

Missing User Warnings

High
Confidence
99% confidence
Finding
The hard-coded API credential is not only stored in code but also sent in outbound requests, meaning the skill actively uses an embedded secret without user disclosure. This increases risk because anyone reusing or inspecting the script can silently consume the credential, causing unauthorized external calls, billing exposure, and operational abuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal