Monitor Tasks

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenAnt monitoring skill, but it can auto-run authenticated account commands and mark notifications as read from broad prompts.

Install only if you want an agent to access your OpenAnt account dashboard. Use explicit OpenAnt wording when invoking it, and require confirmation before read-all, watch, or any wallet command beyond balance checks; prefer a pinned or pre-vetted CLI version if supply-chain stability matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding:
The skill claims all commands are read-only and should be executed immediately, yet it includes `notifications read-all`, which changes account state. This can cause the agent to perform a state-changing action without meaningful user awareness, potentially clearing unread indicators and hiding information the user expected to review later.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger phrases are broad enough to match common conversational requests like 'any updates?' or 'what's new', which can cause unintended invocation of this skill in contexts the user did not mean to involve OpenAnt. In combination with the skill's autonomy language, ambiguous routing increases the chance of silent account queries or follow-on state changes.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill instructs the agent to mark all notifications as read after processing without prominently warning that this mutates user state. That can erase unread status, interfere with the user's workflow, and make important notifications easier to miss, especially if the skill is auto-invoked from vague prompts.

VirusTotal

64/64 vendors flagged this skill as clean.