HR Workforce Dashboard 人力看板

Security checks across malware telemetry and agentic risk

Overview

This HR dashboard skill mostly does what it claims, but it needs Review because its generator can delete existing files in the chosen output folder without a clear warning.

Install only if you are comfortable running it in a fresh, empty output directory. Do not point --output-dir at a home folder, shared drive, project root, or any folder containing files you need. Treat uploaded spreadsheets and generated dashboards as sensitive HR data, and review clipboard/email contents before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
`cleanup_output_dir()` recursively deletes `png`, `excel`, and `ppt` subdirectories and removes files in the user-supplied output directory. Because `--output-dir` is externally controlled and there is no safety boundary, confirmation, or path allowlist, a mistaken or maliciously chosen directory can cause destructive data loss outside the expected dashboard workspace.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The generated dashboard loads ECharts from `cdn.jsdelivr.net`, so opening the local HTML causes a network fetch and execution of remote JavaScript. That breaks the claimed self-contained artifact model and creates a supply-chain and privacy risk: workforce dashboard viewers may leak access metadata to a third party and could execute attacker-controlled code if the CDN asset is tampered with or replaced.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly describes a feature that copies the full dashboard to the system clipboard and automatically launches a system or enterprise email client. In an HR context, the copied content may contain sensitive workforce data, so triggering cross-application data transfer without a clear warning, consent step, or privacy notice creates a real risk of unintended disclosure or user surprise.

Vague Triggers

Medium
Confidence: 77%
Finding
Using the very broad trigger term `看板` can cause the skill to activate for unrelated dashboard requests, increasing the chance that HR-oriented business logic processes the wrong files or intercepts a more appropriate skill flow. In an agent ecosystem, overbroad triggering can lead to unintended data handling and misrouting of user tasks, especially when the skill reads attachments and writes generated artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.
