briefing-visualizer: convert a briefing into a mobile long image

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: create a mobile-friendly briefing image locally, with normal caution needed because it runs a Python script and headless Chrome.

Install only if you are comfortable running a local Python script that launches Chrome. Use trusted briefing content and banner images, avoid confidential or unauthorized scraped material, and review generated HTML before rendering when it includes external links, scripts, or third-party assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to execute a local shell command (`python3 process_briefing.py ...`) and to use Chrome headless for rendering, but the skill declares no permissions for shell/code execution. Even though this appears intended for legitimate image generation, undeclared execution capability is dangerous because user-controlled file paths and content could lead to unsafe command invocation, unexpected local file access, or execution in environments that rely on permission declarations for sandboxing and review.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises transformation of structured briefing content, but the implementation loads arbitrary local HTML into a full Chrome engine. Rendering untrusted HTML can execute active content, fetch remote resources, and abuse browser file/origin behavior, making the capability substantially broader and riskier than the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Launching an external browser subprocess to process user-controlled content expands the attack surface beyond simple image generation. Even without shell injection, a real browser may perform network access, load external assets, and expose the host to browser-engine risks or unintended local file rendering behaviors.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The publish guide advertises 'AI-assisted content fetching' as a core capability but does not describe what sources may be accessed, what user data may be transmitted, or what consent and validation controls exist. In a skill that processes user-provided briefing content, this omission can lead to unexpected network access, leakage of sensitive business information, or fetching untrusted external content into the workflow.

VirusTotal

66/66 vendors flagged this skill as clean.
