trump_news

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: fetches Trump-related public news and optional Truth Social posts, then translates and optionally delivers a Chinese summary.

Install only if you want a scheduled Trump-news summary workflow. Skip the Truth Social option unless you are comfortable providing account credentials or a token, pin/review the optional truthbrush dependency if you enable it, and add Telegram or cron delivery only after confirming the recipient and schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to execute local Python scripts, access environment variables for credentials, and perform network requests, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users and the runtime may not realize the skill can use shell, network, and secrets-bearing environment access, increasing the chance of unintended credential use or unauthorized external communication.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The stated purpose is mainstream/official Trump news aggregation, but the behavior expands into authenticated Truth Social scraping and official document collection beyond ordinary news feeds. This mismatch can mislead users about what sources are accessed and what accounts/credentials may be used, causing consent and trust issues and potentially exposing the environment to unnecessary third-party authentication risk.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The skill metadata says it pulls from official and mainstream wire-service sources, but this code optionally includes Truth Social content from an additional helper script and credentials. That undeclared source expansion changes the provenance and trust model of the generated output, which can mislead downstream users or agent logic and allow unreviewed content to be mixed into a supposedly curated feed.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
A news aggregation script unexpectedly gains the ability to execute another local program, expanding behavior beyond simple fetching/parsing. In an agent setting, this broadens the attack surface and trust boundary, because any compromise, replacement, or unsafe logic in the child script will be transitively executed when this skill runs.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The cron example schedules automatic execution using a broad natural-language message that instructs the agent to fetch, translate, edit, and push content. Without explicit constraints or a confirmation boundary, scheduled runs may perform outbound actions automatically and could be more easily repurposed if the skill behavior expands or prompt handling is ambiguous.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to supply Truth Social credentials or a browser-derived token, including one extracted from local storage, but does not warn about account compromise, token sensitivity, storage handling, or scope minimization. This increases the risk of users exposing reusable secrets to the skill environment without understanding the consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that content will be pushed to users and may be sent via Telegram, including from scheduled execution, without documenting privacy review, destination verification, or send confirmation. That creates a realistic risk of unintended disclosure of generated or fetched content to external recipients, especially in unattended runs.

VirusTotal

65/65 vendors flagged this skill as clean.
