token-efficient-task-router

Security checks across malware telemetry and agentic risk

Overview

This skill is a visible task-routing and confirmation-gating guide, with no evidence of hidden execution, credential theft, exfiltration, or destructive behavior.

Install this only if you want an agent behavior-control skill that asks for scope, mode, and confirmation before larger work. Do not give it credentials or secret material; its own instructions do not require them. Non-Chinese users should set their preferred response language explicitly because many templates default to Chinese.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill text instructs the agent to read multiple local reference files and references platform contexts that may involve file access, but no explicit permissions are declared. In an agent platform that derives capabilities from skill behavior, this creates a transparency and consent gap: users and orchestrators may believe the skill is routing-only while it can trigger broader file, shell, or network-capable workflows through referenced resources or companion tooling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
A description-behavior mismatch is dangerous because it can hide materially different operations behind a benign-sounding router skill. If the skill or associated package actually validates repositories, scans for secrets, or creates archives, users may authorize it under false assumptions, increasing the chance of unintended data exposure, excessive access, or supply-chain style abuse.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes user-facing interaction options and example prompts in Chinese without offering a language-selection mechanism or adapting to the user's language. In an agent routing skill, this can cause user confusion, mis-consent on scope/test gates, and degraded usability or unsafe workflow choices if the user cannot reliably understand the confirmation prompts.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill hard-codes a language constraint ('100-800 Chinese characters') without any user-choice mechanism or stated operational need. This can cause user-intent mismatch, unsafe task execution in the wrong language context, and policy bypasses where downstream systems assume outputs follow the user's requested language or locale.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The protocol explicitly instructs the agent to begin with a fixed Chinese lock sentence and gives all first-turn examples and follow-up controls in Chinese, without requiring the user's language preference to be checked first. This can override user intent, degrade usability, and create unsafe communication gaps where users may miss important limits, confirmations, or safety-relevant guidance because it is delivered in an unexpected language.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill mandates Chinese output by default without checking the user's language preference or obtaining consent. In multi-agent or user-facing systems this can cause miscommunication, failed task review/approval, and unsafe execution decisions if the user cannot accurately understand the generated plan before confirming it.

Vague Triggers

Medium
Confidence
86% confidence
Finding
These generic router prompts are short, common conversational phrases that can plausibly appear in ordinary user interactions outside a clearly delimited skill context. In agent systems that auto-activate behaviors based on prompt similarity, this creates an activation-boundary weakness where the routing skill may trigger unintentionally and alter execution mode, file access scope, or confirmation flow without the user explicitly invoking the skill.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The calibration prompts describe broadly useful interaction preferences rather than uniquely identifiable skill commands, so they may be interpreted as general instructions in many unrelated conversations. This ambiguity weakens activation boundaries and can cause the skill's staged-execution logic to engage unexpectedly, potentially influencing task handling, scope selection, or confirmation gates in contexts where the user did not intend to invoke this skill.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The template is entirely in Chinese and instructs a fixed interaction pattern without offering any language selection or fallback. In a multi-agent or user-facing routing skill, this can cause users or downstream agents to misunderstand confirmation gates, scope, and risk disclosures, leading to incorrect approvals or unsafe execution decisions.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The template is entirely in Chinese and suggests Chinese-language reply options without any indication that the user opted into that language. In a task-routing skill, forcing an unexpected language can mislead users, reduce reviewability of agent actions, and cause consent or confirmation prompts to be misunderstood, which is a real safety and usability issue even if it is not code-execution dangerous.

VirusTotal

61/61 vendors flagged this skill as clean.
