ClawHub

yoooclaw-world-cup-match-talk-scene

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent sports-talk purpose, but it can broadly search phone notifications without explicit confirmation or app scoping.

Install only if you are comfortable with the agent searching recent phone notifications for football-related context. Prefer giving explicit app, group, and time limits, and avoid using notification mode when private chats, financial alerts, or workplace messages may appear. The scraper should also be treated cautiously because it disables HTTPS certificate verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code creates an unverified SSL context with ssl._create_unverified_context() and uses it for every HTTPS request, which disables certificate validation and makes the scraper trust any presented certificate. This enables man-in-the-middle interception or content tampering, especially important here because the tool consumes remote content and turns it into local JSON output that may later be used by the agent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises querying phone notifications but does not clearly warn that notifications may contain sensitive personal, financial, workplace, or private chat content. Users may trigger notification access while believing they are only requesting sports commentary, leading to uninformed consent and privacy exposure.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill enables implicit invocation without any visible activation constraints, while its description includes access to phone notifications when requests mention notifications, fan groups, viewing groups, or reminders. That combination can cause the agent to trigger this skill in broader contexts than the user intended and potentially pull sensitive notification-derived data into outputs, increasing the risk of overcollection and privacy leakage.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Disabling TLS verification for outbound requests silently weakens transport security without informing the user, so the script may fetch spoofed or modified pages while appearing to behave normally. In this skill, that is more dangerous because scraped sports/news content can be poisoned and then reused as generated talking points or summaries.

Ssd 3

High
Confidence
97% confidence
Finding
The skill directs the agent to search recent phone notifications without restriction when the user does not specify scope. That broad default can sweep in unrelated messages, app alerts, and personal data, then transform them into natural-language output, creating a meaningful risk of over-collection and unintended disclosure.

Ssd 3

High
Confidence
96% confidence
Finding
The workflow mandates notification searches for requests involving groups, reminders, or derived talking points, which encourages access to potentially sensitive communications as part of normal operation. Even with later filtering instructions, the collection step itself expands exposure and raises the chance that private data from chats or alerts influences responses or is partially revealed.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal