新闻早报

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only news-hotspot skill that fetches from one API and only offers optional user-approved scheduling.

Before installing, confirm you are comfortable with requests to hotspot.api4claw.com when the skill is invoked. Review any generated cron command before running it, especially the target channel/user and the Asia/Shanghai timezone.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger list contains broad everyday phrases such as “今日热点”, “热点新闻”, and “早报”, which can plausibly appear in ordinary conversation and cause unintended skill activation. In a skill that can subsequently encourage scheduled execution and produce external network calls, over-broad triggering increases the chance of accidental invocation and confusing or undesired behavior.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding
The skill hardcodes Asia/Shanghai for suggested scheduling without asking for the user’s locale or time preference. This is not a direct code-execution issue, but it can cause scheduled actions to occur at unintended times, which is especially relevant because the skill promotes cron setup.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The workflow mandates Beijing time as the execution basis for every run and treats that as authoritative, without offering user choice. In context this mainly creates integrity and usability risks rather than severe security impact, but it can still mislead users about freshness and timing of scheduled or status operations.

VirusTotal

64/64 vendors flagged this skill as clean.
