Ai Daily

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feedship-based AI news digest workflow, with some activation and scheduling caveats but no evidence of hidden, destructive, or deceptive behavior.

Install only if you use Feedship and are comfortable with subscription-derived article titles being processed by your configured LLM. Review the /tmp file behavior on shared machines, adapt the hard-coded Feedship path and timezone, and enable the cron command only after confirming the destination channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers
Severity: Medium
Confidence: 88%
Finding: The description includes broad trigger phrases like 'today's news summary' and 'daily briefing' that can match common user requests without clearly requiring Feedship-specific intent. This can cause unintended activation, leading the agent to run network/local extraction workflows and generate outputs the user did not explicitly ask for.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The manual trigger list contains short, ambiguous phrases such as 'daily digest', 'AI日报' ("AI daily") and '生成简报' ("generate briefing") without boundaries or disambiguation rules. In a multi-skill environment, these phrases are broad enough to hijack unrelated user intents and trigger data-processing actions unexpectedly.

Natural-Language Policy Violations
Severity: Medium
Confidence: 84%
Finding: The cron example hard-codes Asia/Shanghai and describes scheduling at 8:00 AM Beijing time without user opt-in or fallback behavior. This can produce reports at the wrong local time, cause confusing automation, and create unauthorized recurring activity if users assume local defaults.

VirusTotal

64/64 vendors flagged this skill as clean.