Agent2RSS - AI Content to RSS Feed

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can expose RSS channel tokens through its examples and dry-run output, so users should review it before use.

Install only if you intend to publish content through Agent2RSS. Verify the serverUrl before every upload or publish action, do not push sensitive drafts, avoid sharing DRY_RUN output, and rotate any channel token that was copied from the examples or exposed in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly relies on shell execution (`bash`, `curl`, `jq`) and performs networked operations, but the metadata does not declare permissions or equivalent capability boundaries. This creates a transparency and policy-enforcement gap: an agent may invoke shell-based actions and outbound requests without users or the platform being clearly informed, increasing the risk of unintended command execution or data transmission.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description is broad and ambiguous, covering generic terms like RSS channels, pushing articles, uploading articles, creating channels, setting defaults, and idempotency. Overbroad activation can cause the skill to run in contexts the user did not intend, which is especially risky here because the skill can execute shell commands, modify local config, store tokens, and send content to a remote server.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation includes realistic bearer tokens directly in example requests and responses without clearly labeling them as dummy secrets or warning users not to paste real credentials into shared docs, logs, or terminals. Even if the shown token is illustrative, normalizing disclosure of bearer tokens increases the risk of accidental credential leakage and misuse because these tokens appear sufficient to modify channels and publish content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file upload example shows sending `article.md` to a remote host but does not warn that the selected file and its contents will be transmitted off-device. In an agent skill context, that omission matters because users may assume a local operation and unintentionally upload sensitive drafts, internal documents, or proprietary data to the external service.

VirusTotal

66/66 vendors flagged this skill as clean.
