Kiro Creator Monitor Daily Brief

Security checks across malware telemetry and agentic risk

Overview

This skill’s network delivery and credential use fit its daily briefing purpose, but users should understand that delivered briefs leave the local environment.

Install only if you are comfortable sending the generated creator-monitoring briefs to the configured Telegram, Slack, or email destinations. Use dedicated low-privilege tokens, verify webhook and email recipients before enabling delivery, and avoid external delivery for sensitive monitoring topics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'req' from os.getenv (line 301, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
        headers={"Content-Type": "application/json", "User-Agent": UA},
    )
    try:
        with urllib.request.urlopen(req, timeout=20):
            return None
    except Exception as e:
        return f"slack error: {e}"
Confidence: 89%
Finding:
    with urllib.request.urlopen(req, timeout=20):

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill mentions optional delivery to Telegram, Slack, or email but does not clearly warn that generated monitoring results will be transmitted to external services. Users may enable delivery without understanding that collected or synthesized content leaves the local environment, which increases the risk of unintended data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The script can transmit generated brief content to Telegram, Slack, and email when --deliver is used, but there is no strong user-facing disclosure, preview, or confirmation at the point of transmission. In a skill context that aggregates data from multiple external sources, this increases the chance of unintentionally sending sensitive or proprietary monitoring results to third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.
