ClawHub

team-efficiency-daily-report

Security checks across malware telemetry and agentic risk

Overview

This is a coherent reporting skill that uses an authenticated dashboard to generate local team efficiency reports, with sensitive-data handling that users should configure carefully.

Install only if you are authorized to access and retain the configured dashboard data. Review config.json URLs before running, use a least-privilege browser account when possible, protect the local output directory, and add the cron job only if unattended recurring collection is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly describes automated access to an internal efficiency reporting system, browser-driven filter changes, data extraction, and local persistence of collected data and generated reports, but it does not warn users about privacy, authorization, or data-handling implications. In a workplace context, these reports may contain employee performance and delivery metadata, so silent collection and storage increases the risk of unauthorized processing, oversharing, and retention of sensitive operational data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly captures XHR API request payloads, modifies request parameters, fetches data, and saves results locally, yet the description does not warn about these behaviors. Captured payloads and stored reports may include tokens, identifiers, business metrics, or other sensitive operational data, increasing the risk of inadvertent exposure or retention beyond user expectations.

Session Persistence

Medium
Category
Rogue Agent
Content
通过 cron 每天自动生成日报:

```bash
crontab -e
```

添加:
Confidence
72% confidence
Finding
crontab -e

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal