谛听.skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ScoutX digest tool that stores preferences locally, fetches public feeds, and can set up scheduled OpenClaw delivery when explicitly applied.

Before installing, confirm you trust the bundled feed endpoints and only use configure-service or feed URL overrides as an operator. Use preview or the install-openclaw-cron dry run first, and only run --apply when the schedule and delivery target are correct. Do not provide API tokens or credentials; the skill does not need them for normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
    results = []
    for job in jobs:
        completed = subprocess.run(
            job["args"],
            check=False,
            capture_output=True,
Confidence: 87%
Finding: completed = subprocess.run(job["args"], check=False, capture_output=True, text=True)

Tainted flow: 'request' from os.getenv (line 1036, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
)

    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            raw = response.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        body = exc.read().decode("utf-8", errors="replace")
Confidence: 92%
Finding: with urllib.request.urlopen(request, timeout=timeout) as response:

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill claims to provide personalized briefings, but it also installs and modifies OpenClaw cron jobs for scheduled delivery. That hidden expansion of capability creates persistence and autonomous behavior not justified by the stated purpose, making misuse materially more dangerous in an agent ecosystem.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding: The skill executes external OpenClaw CLI commands to enumerate, delete, and install cron jobs, which is a privileged host-side capability unrelated to merely preparing a digest. In context, this makes the skill capable of changing agent runtime behavior and persistence, so the mismatch between description and actual power is security-significant.

VirusTotal

67/67 vendors flagged this skill as clean.
