Succession Plan

Security checks across malware telemetry and agentic risk

Overview

This skill is a local succession-planning task helper with plaintext local storage, but the reviewed artifacts do not show hidden network access, credential use, privilege escalation, or destructive behavior.

Install only if local plaintext storage is acceptable for the succession information you plan to enter. Avoid putting confidential employee assessments, candidate notes, or transition details into it unless the chosen data directory and backups are appropriately protected, and verify the installed command maps to the reviewed local scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The manifest presents a specialized succession-planning tool, while the body describes a generic CLI task tracker. In a security context, deceptive or inconsistent packaging is dangerous because users may grant the skill access or trust appropriate for HR planning while it performs broader data collection and retention functions than advertised.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The implementation is materially inconsistent with the declared skill purpose: it behaves as a generic personal task manager rather than a succession-planning tool. In an agent ecosystem, this kind of capability mismatch is dangerous because users and orchestrators may grant trust, permissions, or invoke the skill under false assumptions, enabling undisclosed data collection and unintended behavior.

Intent-Code Divergence

High
Confidence: 97%
Finding
The inline documentation explicitly states the tool is a productivity/task manager, directly contradicting the published succession-planning description. This contradiction is a strong indicator of deceptive or mispackaged functionality, which increases the risk that the skill is being used outside its declared trust boundary and may mislead users about what data it processes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documented `clear` command removes completed items but provides no warning, confirmation, or recovery guidance. Because the skill stores planning data locally and may be used for sensitive succession activities, silent destructive operations can cause accidental loss of records that users may rely on for continuity, audit, or compliance purposes.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that every command is logged to `history.log` with timestamps but gives no privacy or sensitivity warning. In the context of succession planning, command arguments may include employee names, roles, assessments, or transition details, so undisclosed history logging can create a secondary repository of sensitive HR data and increase exposure during local compromise or routine file sharing.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script stores user-provided task content and activity history in local files under the user's data directory, but the help text does not clearly disclose that detailed content and command history are persisted. Undisclosed persistence is risky because users may enter sensitive staffing or succession information assuming ephemeral processing, leading to unintended local exposure through backups, shared accounts, or endpoint compromise.

VirusTotal

54/54 vendors flagged this skill as clean.
