task-queue-by-model-source

Security checks across malware telemetry and agentic risk

Overview

The skill appears to implement a task queue, but it also sets up persistent background execution and broad triggers that could run work without clear user control.

Review before installing. Use it only if you explicitly want a persistent local task queue, and confirm exactly what files and cron or heartbeat entries it will create. Prefer disabling automatic scheduler setup unless you need it, and verify there is a clear stop, uninstall, or rollback path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill goes beyond task orchestration and instructs the agent to persistently modify host automation by registering heartbeat and cron-based execution. That creates durable background behavior that can continue invoking the skill outside the user's immediate request scope, increasing the risk of unintended task execution, resource consumption, and persistence on the host.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill explicitly edits HEARTBEAT.md and registers a cron job, which are host-level configuration changes unrelated to merely describing a queue abstraction. Self-modifying scheduler configuration can establish persistence, trigger repeated execution, and affect other workflows, making it a meaningful security concern even if presented as convenience automation.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list includes broad phrases such as 'do this for me' and 'handle this,' which can match ordinary conversation and cause the skill to activate unexpectedly. In this skill, accidental activation is more dangerous because activation can enqueue tasks, write queue files, and immediately launch the dispatcher, potentially causing unintended background work and side effects.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger set includes broad phrases like 'do this for me', 'handle this', and 'send to', which are common in normal conversation and can cause the skill to activate unintentionally. Because the skill can write files, register heartbeat/cron entries, and spawn subagents, accidental activation increases the chance of unintended task execution and persistent side effects.

VirusTotal

64/64 vendors flagged this skill as clean.