ClawHub
Back to skill

Security audit

Daily News Brief

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed scheduled news-brief skill, with some auditability and dependency cautions but no artifact-backed evidence of hidden data theft, destructive behavior, or deception.

Before installing, confirm you trust the local SearXNG skill this package will execute, and enable the OpenClaw cron job only if you want recurring briefs sent through your configured messaging routes. Treat generated news as public web content and review channel destinations before turning on scheduled delivery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

exec() call detected

High
Category
Dangerous Code Execution
Content
v3_script = Path(__file__).parent / "fetch_news_v3.py"
if v3_script.exists():
    with open(v3_script, "r", encoding="utf-8") as f:
        exec(f.read())
else:
    print("错误:fetch_news_v3.py 不存在")
    sys.exit(1)
Confidence
99% confidence
Finding
exec(f.read())

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This script expands its behavior by executing another Python file via exec and then invoking a separate skill from a workspace path, creating multiple implicit trust boundaries. In an agent skill environment, that makes the news skill more dangerous because compromise or drift in either dependent file can silently turn a benign news workflow into arbitrary code execution or unintended capability use.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The skill crosses a trust boundary by executing a script from ~/.openclaw/workspace/skills/searxng, a location that may be modified independently of this skill. If an attacker can replace or tamper with that external skill, running this news brief would execute attacker-controlled code with the current user's privileges.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that it can push generated briefs to QQ/微信/Telegram on a schedule, but it does not present a prominent user warning that enabling this feature will automatically transmit generated content to external messaging platforms. This can lead to unintended outbound sharing, privacy issues, or surprise automation, especially when summaries may include user-customized sources or internally relevant content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal