news-daily-report

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims (it fetches news, personalizes the order, and generates a local HTML daily report), but users should understand that its personalization uses conversation/profile memory.

Install only if you are comfortable with the agent using conversation context or stored profile/memory to personalize news ordering. Review or delete the generated data/sorted_ids.json and output/daily_report.html if you do not want profile-derived interests or report contents retained locally, and consider asking the agent to use only preferences you state in the current request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs reading and writing local files and making an external network request, but no permissions are declared. That creates a transparency and governance gap: users and the platform cannot clearly evaluate or consent to the actual data access and exfiltration surface before execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the model to use conversation context and persistent memory-derived profile data for personalization without a user-facing privacy notice or consent step. This can cause users' inferred interests or stored attributes to be reused unexpectedly, including sensitive traits that may be reflected in outputs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents an external API call for personalized content but does not warn users what preference or context-derived data may be sent or derived for that purpose. Even if only keywords are transmitted, the workflow encourages personalized processing tied to user interests, which creates a privacy risk without disclosure.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instructions explicitly require using conversation context and persistent memory-derived profile data to shape output content. That creates a natural-language data exposure risk because private attributes can be echoed, inferred, or surfaced in recommendations and ranking rationale without the user intentionally re-sharing them in the current request.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill not only uses profile and memory data for ranking, but also instructs generating a sorting reason that can directly reveal private attributes such as interests, roles, or habits. This increases the chance of explicit disclosure of stored personal data in the visible output or saved artifacts.

Ssd 3

Medium
Confidence
95% confidence
Finding
The repeated mandate to use conversation-context profile and memory data normalizes reuse of stored user information across outputs. Repetition in operational guidance makes accidental over-collection and over-disclosure more likely, especially in a skill that writes derived artifacts to disk and generates shareable H5 content.

VirusTotal

67/67 vendors flagged this skill as clean.
