clawlist

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only task-planning skill, but its metadata pushes broad mandatory activation and ongoing automated task execution without a clear user opt-in or any stop controls.

Install only if you want a task manager that can steer agents into structured planning and ongoing task tracking. Before using long-running or infinite workflows, require explicit opt-in, define what actions may run automatically, set a review or stop date, and require approval before any public, account-affecting, financial, or destructive action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers (High severity, 96% confidence)

Finding
The skill metadata says it 'MUST use for any multi-step project, long-running task, or infinite monitoring workflow,' which creates an extremely broad activation scope that can override user intent and force this skill into many unrelated tasks. In an agent setting, such blanket routing increases the chance of unnecessary file writes, autonomous workflow chaining, and persistence behavior being triggered in contexts where the user did not explicitly ask for it.

Vague Triggers (High severity, 98% confidence)

Finding
The instruction to 'ALWAYS use clawlist' for broad categories like 'any new project' or whenever progress must be tracked is ambiguous and effectively self-promoting. This can cause the agent to invoke the skill by default across a wide range of tasks, increasing the attack surface and allowing the skill to steer execution into sub-skills and ongoing state management without sufficiently clear user authorization.
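Both Vague Triggers findings above come down to the same check: does the skill's metadata contain blanket-activation language ("MUST use for any ...", "ALWAYS use ...", "whenever ...", "infinite ... workflow")? The lint below is an added example of that check, not SkillSpector's code or the clawlist skill's own files. The sample metadata strings, the rule list and the severity rule are constructed for illustration; the only real phrases in them are the two quoted in the findings.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample metadata. Only the two quoted phrases come from the findings;
# the surrounding frontmatter layout is assumed.
SAMPLE_BROAD = """
name: clawlist
description: Task-planning skill. MUST use for any multi-step project,
  long-running task, or infinite monitoring workflow. ALWAYS use clawlist
  for any new project or whenever progress must be tracked.
"""

# Constructed counter-example: a trigger tied to an explicit user request.
SAMPLE_SCOPED = "Use when the user explicitly asks for a task checklist for a named project."


@dataclass(frozen=True)
class TriggerFinding:
    category: str
    matched: str
    reason: str


# (category, regex, reason). Illustrative rules written for this example,
# not the scanner's actual rule set.
BLANKET_RULES = [
    ("mandatory",
     r"\b(?:must|always|should always)\s+(?:use|invoke|activate|load)\b",
     "mandatory activation language overrides the user's routing choice"),
    ("catch_all",
     r"\b(?:for|on|in)\s+any\s+(?:\w+[\s-]*){1,3}(?:task|project|workflow|request)s?\b",
     "catch-all scope routes unrelated work into the skill"),
    ("open_ended",
     r"\bwhenever\b",
     "open-ended condition has no concrete boundary"),
    ("unbounded",
     r"\b(?:infinite|long-running|ongoing|continuous)\s+(?:\w+\s+)?(?:workflow|task|loop|monitoring)s?\b",
     "unbounded runtime scope implies persistence without a stop point"),
]


def lint_triggers(metadata: str) -> list[TriggerFinding]:
    """Return every blanket-activation phrase found in a skill's metadata text."""
    # Collapse newlines and YAML indentation so phrases split across lines still match.
    text = " ".join(metadata.split())
    findings: list[TriggerFinding] = []
    for category, pattern, reason in BLANKET_RULES:
        for m in re.finditer(pattern, text, flags=re.IGNORECASE):
            findings.append(TriggerFinding(category, m.group(0), reason))
    return findings


def severity(findings: list[TriggerFinding]) -> str:
    """Mandatory wording combined with a catch-all or unbounded scope is the worst case."""
    cats = {f.category for f in findings}
    if "mandatory" in cats and ({"catch_all", "unbounded"} & cats):
        return "High"
    if findings:
        return "Medium"
    return "Low"


if __name__ == "__main__":
    for label, sample in (("broad", SAMPLE_BROAD), ("scoped", SAMPLE_SCOPED)):
        found = lint_triggers(sample)
        print(f"{label}: {severity(found)} ({len(found)} phrases)")
        for f in found:
            print(f"  [{f.category}] {f.matched!r}: {f.reason}")
```

Run it before installing a skill and compare against the description the marketplace shows; a "High" here means the agent will route into the skill by default, so the opt-in and stop controls in the Overview are not optional.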

Missing User Warnings (Medium severity, 95% confidence)

Finding
The skill describes maintaining `memory/tasks/ongoing-tasks.md`, having a heartbeat process read it regularly, execute due tasks, update health, and ping the user, but it does not clearly warn that the system may autonomously modify persistent files and trigger recurring actions. In context this is more dangerous because the skill is positioned for long-running and infinite workflows, so hidden persistence and autonomous execution can surprise users and create unauthorized or hard-to-stop behavior.
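The controls the Overview asks for (explicit opt-in, a stop date, and approval before any public, account-affecting, financial or destructive action) can be enforced at the point where the heartbeat reads `memory/tasks/ongoing-tasks.md`. The planner below is an added example of such a gate; it is not the clawlist skill's code, and the file layout it parses (the `opt_in` and `stop_after` control lines and the `class=` tag on each task) is an assumed format constructed for this example, since the page does not show the real file.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample of an ongoing-tasks file. The control keys and the
# "class=" tag are assumptions for this example, not the skill's real format.
SAMPLE_TASKS_MD = """# Ongoing tasks

opt_in: yes
stop_after: 2025-07-01

## Tasks
- [ ] id=health-check due=2025-06-10T09:00 class=read-only :: Re-read repo status and update health
- [ ] id=post-update due=2025-06-10T09:00 class=public :: Post a progress summary to the team channel
- [ ] id=cleanup due=2025-06-10T09:00 class=destructive :: Delete stale branches older than 30 days
- [ ] id=issues due=2025-06-12T09:00 class=read-only :: Summarize newly opened issues
"""

# Action classes that never run on a heartbeat without a recorded approval.
GATED_CLASSES = frozenset({"public", "account", "financial", "destructive"})

TASK_RE = re.compile(
    r"^- \[ \] id=(?P<id>\S+) due=(?P<due>\S+) class=(?P<cls>\S+) :: (?P<desc>.+)$"
)


@dataclass(frozen=True)
class Task:
    id: str
    due: datetime
    cls: str
    desc: str


def parse_controls(doc: str) -> dict[str, str]:
    """Read the top-level 'opt_in' and 'stop_after' control lines."""
    controls: dict[str, str] = {}
    for line in doc.splitlines():
        m = re.match(r"^(opt_in|stop_after):\s*(\S+)\s*$", line)
        if m:
            controls[m.group(1)] = m.group(2)
    return controls


def parse_tasks(doc: str) -> list[Task]:
    """Parse unchecked task lines into Task records."""
    tasks: list[Task] = []
    for line in doc.splitlines():
        m = TASK_RE.match(line)
        if m:
            tasks.append(Task(m["id"], datetime.fromisoformat(m["due"]), m["cls"], m["desc"]))
    return tasks


def plan_heartbeat(doc: str, now_iso: str, approvals: frozenset[str] = frozenset()) -> dict:
    """Decide what one heartbeat may do.

    Returns {'halt': reason-or-None, 'decisions': [(task_id, verdict), ...]} where
    verdict is 'run', 'needs_approval' or 'skip_not_due'. If 'halt' is set, nothing runs.
    """
    now = datetime.fromisoformat(now_iso)
    controls = parse_controls(doc)
    if controls.get("opt_in", "").lower() not in {"yes", "true"}:
        return {"halt": "no explicit opt-in recorded; nothing runs", "decisions": []}
    stop = controls.get("stop_after")
    if stop is None:
        return {"halt": "no stop_after date; refusing open-ended execution", "decisions": []}
    if now.date() > date.fromisoformat(stop):
        return {"halt": f"past stop_after={stop}; user must re-confirm", "decisions": []}

    decisions: list[tuple[str, str]] = []
    for t in parse_tasks(doc):
        if t.due > now:
            decisions.append((t.id, "skip_not_due"))
        elif t.cls in GATED_CLASSES and t.id not in approvals:
            decisions.append((t.id, "needs_approval"))
        else:
            decisions.append((t.id, "run"))
    return {"halt": None, "decisions": decisions}


if __name__ == "__main__":
    print(plan_heartbeat(SAMPLE_TASKS_MD, "2025-06-10T10:00"))
    print(plan_heartbeat(SAMPLE_TASKS_MD, "2025-06-10T10:00", frozenset({"cleanup"})))
    print(plan_heartbeat(SAMPLE_TASKS_MD, "2025-07-02T10:00"))
```

The design choice is that the gate fails closed: a missing opt-in or stop date halts the whole heartbeat rather than letting read-only tasks through, because a file the agent itself maintains is exactly the kind of persistent state the finding warns can drift without the user noticing. Approvals are keyed by task id and supplied from outside the file, so an agent rewriting `ongoing-tasks.md` cannot grant itself permission.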

VirusTotal

66/66 vendors returned a clean verdict for this skill. A clean antivirus result covers the files' bytes only; it says nothing about the prompt-level trigger and persistence risks described in the findings above.