长期计划推进 (Long-Term Plan Advancement)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local planning and reminder skill; it writes plan state locally and can query fund prices, but I found no deception, credential access, account mutation, or destructive behavior.

Install only if you are comfortable with OpenClaw storing plan details, tasks, optional holdings, and fund codes in local memory files. Avoid putting brokerage credentials, account numbers, or sensitive financial records into plans. Treat fund-code tracking as a third-party quote lookup, and confirm fuzzy or bulk task-completion actions before relying on the updated plan state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The module performs outbound network requests to a third-party fund API to update user asset snapshots, but the skill metadata and description do not disclose that it transmits fund identifiers externally. In a planning/asset-tracking skill, undisclosed external connectivity creates privacy, compliance, and trust risks because user financial holdings metadata may be exposed to a third party without explicit consent or documentation.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
`smartMatch` declares a `planName` parameter but ignores it, then scans all active plans and uses the first active plan for batch matching. In a multi-plan environment, a user action intended for one plan can be matched against unrelated tasks in other plans, causing unintended task disclosure or incorrect state changes when paired with completion logic.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The activation phrases are broad everyday language such as '今天计划任务' and related variants, making unintended invocation plausible during normal conversation. In a skill that automatically creates, updates, pauses, and archives files and trigger state, accidental activation can lead to unwanted state changes and notifications even without explicit user intent.

Vague Triggers

Severity: High
Confidence: 97%
Finding
The natural-language completion logic accepts highly ambiguous phrases like '全部完成了', '前N个', and fuzzy mappings such as '卖了'→'止盈', with scores ≥80 auto-completing tasks. Because completion changes persistent plan state and may affect later reviews, reminders, and financial-action prompts, an ordinary conversational utterance could incorrectly mark tasks done at scale.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill performs automatic writes to plan files, trigger configuration, and index data, but the user-facing description does not clearly warn that invoking the skill can persistently modify local memory. This weakens informed consent and increases the risk of silent state changes from accidental activation or misunderstanding of what the command will do.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill automatically queries an external fund API for asset tracking, but provides no clear privacy or network-use warning to the user. Even if only fund codes are sent, this still creates unannounced external requests tied to user financial planning context and could expose sensitive interests or behavior patterns.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
`markTaskComplete` rewrites the task file based on substring matching (`includes(taskText)`) and performs the change without any built-in confirmation, validation, or exact task identity check. Combined with fuzzy matching elsewhere, this can silently mark the wrong task as completed, leading to integrity loss in planning data and potentially unsafe downstream automation based on task status.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill metadata uses broad trigger phrases such as “开一个长期计划”, “今天计划任务”, “阶段复盘”, “滚动下一阶段”, and “列出所有计划”, and the template file reinforces generic usage like auto-filling a plan from a simple phrase. These phrases are common natural-language requests and can cause accidental invocation or collision with ordinary conversation, which may lead the agent to create, modify, or reveal plan data when the user did not intend to use this skill.

VirusTotal

66/66 vendors flagged this skill as clean.
