OpenClaw News Watcher

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it needs review because a copied README command can send Telegram output to a fixed chat ID and scraped web text is passed into the main OpenClaw agent.

Review before installing. Replace any hardcoded Telegram recipient with your own chat ID, run summarization in an isolated or tool-limited OpenClaw session if available, and only enable cron or background mode if you want continuous polling and automatic Telegram messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 90% confidence
Finding:
The script executes a Node subprocess using a script path taken directly from the OPENCLAW_MJS environment variable, while comments imply this is inherently safe. Any party able to influence the environment can cause execution of an arbitrary local JavaScript file with the privileges of this process, which is effectively arbitrary code execution even though execFileSync avoids shell injection.

Missing User Warnings

Medium, 91% confidence
Finding:
The skill clearly states it will push AI-generated summaries to Telegram, but the documentation does not prominently warn users that scraped article content and derived summaries may be transmitted off the local monitoring flow to a third-party messaging platform. This creates a meaningful transparency and privacy risk because users may run the skill assuming it only performs local monitoring, while publication content and processed outputs are forwarded externally.

Missing User Warnings

Medium, 87% confidence
Finding:
The skill sends scraped full article content to an external AI agent process without clear user-facing disclosure, consent flow, or data handling controls. This creates a privacy and data-governance risk because third-party content and potentially sensitive scraped material are transmitted outside the watcher process, and prompt content may also be logged or retained by downstream systems.

VirusTotal

64/64 vendors flagged this skill as clean.
