ClawHub

News Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent news-monitoring helper, but users should secure the local dashboard before using notification tokens or API keys.

Install only if you trust the external Buzz repository it clones. Set a non-empty dashboard password, keep the service bound to localhost, avoid sharing URLs containing ?pw=, protect Discord/Telegram/API tokens, and stop the Node process when you no longer want monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Scope Creep

Medium
Confidence
87% confidence
Finding
The manifest declares only exec/read tools and node/npm binaries, while the skill's description explicitly claims real-time news aggregation and Discord/Telegram push notifications, which inherently require outbound network access. This mismatch is dangerous because it obscures the skill's actual operational requirements, making review and sandbox policy decisions less accurate and potentially encouraging hidden or undeclared network behavior elsewhere in the skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation repeatedly shows management requests carrying passwords, API keys, bot tokens, and webhook URLs over plain HTTP to a localhost service, but does not warn users that these values are sent unencrypted and may be exposed through shell history, process listings, browser history, local proxies, or port forwarding. While localhost reduces remote exposure, developer environments commonly include containers, SSH tunnels, reverse proxies, or shared hosts where this assumption breaks down.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly states that an empty dashboard password means no authentication is required, but does not warn that this exposes configuration-changing management endpoints to any local or network-reachable client depending on binding and deployment. Because these endpoints can set outbound webhooks, tokens, feeds, and monitoring behavior, unauthorized access could reconfigure the service, exfiltrate notifications, or disable protections.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal