Farmos Tasks

Security checks across malware telemetry and agentic risk

Overview

This FarmOS task skill appears legitimate, but it can use local authentication to change farm task records and has broad activation and cross-module lookup behavior that users should review carefully.

Install only if you trust the FarmOS endpoint, the local auth helper, and the role file it reads. Require explicit user confirmation for every write action, not just task creation, and limit cross-module lookups to cases where the user asked for that context or it is clearly needed for the task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (86% confidence)
Finding:
The skill explicitly instructs the agent to access weather, equipment, observations, and marketing modules while handling task requests, expanding data access beyond the stated task-management scope. This can cause unnecessary collection and disclosure of operational context to users who only intended a task action, violating least-privilege and increasing the chance of unauthorized or surprise data exposure across systems.

Vague Triggers

Medium (91% confidence)
Finding:
The trigger phrases include very broad everyday language such as 'we need to...' and 'someone should...', which can cause the skill to activate on casual conversation rather than an intentional task-management request. In a write-capable skill, overbroad activation increases the risk of unintended prompting, unnecessary data retrieval, and pressure toward accidental task creation or status changes.

Vague Triggers

Medium (93% confidence)
Finding:
The 'minimum viable input' says any vague description of work is enough, even 'We need to do something about field 12,' which sets an extremely low bar for activation and interpretation. This ambiguity makes it easy for the agent to infer intent, pull in related data, or steer toward creating tasks from incomplete context, raising the likelihood of unauthorized or mistaken actions.

Missing User Warnings

Low (79% confidence)
Finding:
The skill directs cross-module lookups but does not clearly warn users that a task request may trigger access to additional systems and reveal broader operational context. Even if each module is individually authorized, the lack of transparent notice can create surprise data exposure and weakens informed consent around what information the agent may surface.

VirusTotal

66/66 vendors flagged this skill as clean.
