Founder Daily Brief

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local daily-brief generator with normal cautions around sensitive founder inputs and markdown file output.

Install if you want a local founder daily brief generator. Avoid pasting confidential details, credentials, regulated personal data, or raw calendar dumps when summaries will do, and run it in a folder where creating Founder_Brief markdown files is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs writing an output file to the current working directory, which is a state-changing file operation, but no explicit permissions are declared. This creates a mismatch between the skill's apparent trust boundary and its actual capabilities, increasing the risk of unintended file writes or abuse if the skill is auto-invoked.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad terms like daily digest, daily standup, 每日更新, and 晨间简报, which overlap with many common productivity requests outside the intended founder-brief use case. Overbroad activation can cause the skill to run in inappropriate contexts, potentially collecting unnecessary personal data or performing unintended actions such as file creation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to save a file in the current working directory without warning the user or obtaining consent. Silent file creation is dangerous because it alters the local environment unexpectedly and may overwrite user files, create clutter, or be chained with broad triggering to perform unapproved writes.

VirusTotal

67/67 vendors flagged this skill as clean.
