Sec Daily Digest

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cybersecurity digest tool whose internet fetching, AI-provider use, local history, and optional email delivery fit its stated purpose.

Install only if you are comfortable with a tool that fetches public internet sources, stores local digest state, and may send collected content to the selected AI provider. Use --dry-run, --no-twitter, or the Ollama provider for lower external exposure, and avoid --email for confidential digests unless the mail account and recipient are approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium | Confidence: 89%
Finding
The README explicitly encourages optional full-text fetching, AI-provider scoring, Twitter/X collection, and email delivery, but it does not clearly warn that article content, URLs, account metadata, and generated digest data may be transmitted to third-party services. In a security-research workflow, this can expose sensitive browsing interests, collected content, or unpublished internal source lists to external providers without sufficiently informed user consent.

Missing User Warnings

Medium | Confidence: 92%
Finding
The skill advertises an email delivery feature via gogcli/Gmail OAuth but does not clearly warn that enabling `--email` causes generated digest content to be transmitted to an external recipient and relies on a third-party mail tool/account. This can lead to unintended exfiltration of potentially sensitive summaries, source selections, or internal research notes if users enable it without understanding the privacy implications.

Missing User Warnings

Low | Confidence: 86%
Finding
The `--enrich` option fetches full article text from external websites, but the skill does not clearly disclose that this creates outbound network requests to third-party domains. That can reveal user interests, monitored topics, or operational patterns to external sites and may be undesirable in sensitive research environments.

Missing User Warnings

Medium | Confidence: 88%
Finding
This provider sends the full prompt text to Google's Gemini API, which is a third-party external service, and there is no indication in this code of any user notice, consent flow, or data minimization before transmission. If prompts can contain sensitive user, system, or secret data, this creates a real data exposure and compliance risk even though the implementation appears to be standard and not malicious.

Missing User Warnings

Medium | Confidence: 86%
Finding
This code sends article title, description, source name, link, and potentially full article text to an external AI provider via options.provider.call(prompt). If article content can contain sensitive, proprietary, or personal data, this creates a real data-exposure risk because the transfer happens without any consent check, redaction, policy gate, or indication in this code that disclosure is enforced elsewhere.

Ssd 1

Medium | Confidence: 96%
Finding
Untrusted article title, description, link, source name, and optional fullText are interpolated directly into the scoring prompt as plain instruction-adjacent text. A crafted article can embed prompt-injection content such as requests to ignore prior instructions or emit malformed JSON, causing the model to mis-score content, misclassify items, or break downstream parsing and ranking logic.

Ssd 1

Medium | Confidence: 97%
Finding
The summary prompt places raw descriptions and full-text excerpts directly beside the governing instructions, creating a clear semantic prompt-injection path. Malicious article text can steer the model to ignore formatting requirements, insert attacker-chosen narratives, or produce misleading summaries/recommendations that propagate into later stages such as highlights or publication.

Ssd 1

Medium | Confidence: 95%
Finding
The highlights prompt consumes user-derived summaries and titles directly in the same prompt that asks for trend synthesis. If upstream summaries are attacker-influenced or malformed, they can semantically redirect the model's final output, causing manipulated macro trends, hidden instructions, or credibility-damaging misinformation in the generated brief.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal