Farmos Workforce

Security checks across malware telemetry and agentic risk

Overview

This workforce skill fits a real HR scheduling purpose, but it needs Review because it can change sensitive employee records and broadcast schedule details without clear confirmation or audience limits.

Install only in a trusted FarmOS environment after verifying the auth script, role-mapping file, API permissions, and #farm-workforce membership. Require explicit confirmation before clock actions, creating requests, approvals/rejections, payroll exports, or posting schedule details, and avoid broadcasting personal reasons beyond authorized managers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 80%
Finding
The manifest omits certifications/skills tracking and payroll export even though these are documented features. Incomplete disclosure reduces transparency around sensitive workforce and payroll-related functionality, which can cause improper approval or unsafe use.

Description-Behavior Mismatch

Low
Confidence: 80%
Finding
The manifest omits certifications/skills tracking and payroll export even though these are documented features. Incomplete disclosure reduces transparency around sensitive workforce and payroll-related functionality, which can cause improper approval or unsafe use.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to notify a Slack channel about workforce requests and schedule changes, introducing an external disclosure path beyond the stated purpose of querying workforce data. Because schedule, absence, and availability information can reveal sensitive employee details, broadcasting it to a channel without strict scoping or consent creates a real privacy and data-leak risk.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases and minimum viable input are broad enough to match ordinary conversation such as casual mentions of schedules or time off. In a skill that can create requests, clock actions, or notify others, overbroad activation increases the chance of unintended writes, notifications, or exposure of workforce data.

Missing User Warnings

High
Confidence: 98%
Finding
The documented behavior says the bot should notify a team channel about time-off, absence, and schedule-related information without warning the user that their information will be shared. In workforce contexts, even limited schedule and leave data can be sensitive, and public or broad team disclosure may violate privacy expectations or policy.

VirusTotal

66/66 vendors flagged this skill as clean.
