Daily Tongjian

Security checks across malware telemetry and agentic risk

Overview

This is a coherent history-reading skill that saves local reading progress and can generate lecture text, images, and narration, with no evidence of hidden data access or exfiltration.

Install if you want a daily Zizhi Tongjian lecture workflow. Use explicit wording such as text-only if you do not want image or voice generation, and review or delete ~/.openclaw/workspace/daily-tongjian/progress.json if you want to reset stored progress.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill instructs the agent to read local reference files and write persistent state to `~/.openclaw/workspace/daily-tongjian/progress.json`, but no explicit permissions are declared. Undeclared file read/write capability creates a trust and containment problem: users and the platform may not realize the skill can access local files or persist data, and permission enforcement may be bypassed or misconfigured.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger set includes very generic phrases such as “通鉴”, “资治通鉴”, and “tongjian”, which are likely to appear in ordinary conversation, historical Q&A, or unrelated references to the text. This can cause unintended skill activation and override user intent, especially because the skill is configured to produce a long, multi-step output with progress updates, image generation, and voice narration by default.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad terms such as `通鉴`, `资治通鉴`, and especially `tongjian`, which can match ordinary discussion about the text rather than an intentional request to execute the skill. Overbroad triggers increase the chance of accidental activation, causing unintended file writes, progress changes, or generation actions the user did not request.

Vague Triggers

Medium
Confidence: 91%
Finding
The manual trigger section says users can invoke the skill by saying phrases like `今日通鉴` or `继续读通鉴` without defining strict activation boundaries or confirmation rules. In conversational systems, underspecified activation can make normal historical discussion invoke the skill, leading to unintended execution and state changes, especially because the skill defaults to multi-step generation and progress advancement.

VirusTotal

1/66 vendors flagged this skill as malicious, and 65/66 flagged it as clean.
