BlockBeats Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed BlockBeats news-monitoring tool that stores reports locally and can send them to a user-configured Telegram chat.

Install only if you are comfortable providing a BlockBeats Pro API key and Telegram bot token, and review the configured Telegram chat_id and storage.db_path. The local database may retain fetched content and generated reports until you delete or rotate it yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs execution of Python scripts that read and write local files, access SQLite, contact external BlockBeats and Telegram endpoints, and invoke shell commands, yet it declares no permissions. This creates a transparency and consent failure: an agent or user may authorize the skill without understanding that it has filesystem, network, and command-execution capabilities.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill documents that fetched content and metadata are stored in a local SQLite database but does not clearly warn users about persistent local storage. Persistent retention can create privacy, compliance, and disk-residue risks, especially when storing raw JSON and generated monitoring history over time.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill documents that fetched content and metadata are stored in a local SQLite database but does not clearly warn users about persistent local storage. Persistent retention can create privacy, compliance, and disk-residue risks, especially when storing raw JSON and generated monitoring history over time.

VirusTotal

65/65 vendors flagged this skill as clean.
