Task Router Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent task-routing guide, but users should be careful because it stores task state locally and can route work automatically between agents.

Before installing, verify which task CLI and SDK implementation this skill expects. Register only trusted agents, avoid putting secrets in task payloads or result files, review heartbeat automation before enabling it, and preview/export important queue or dead-letter state before running bulk cleanup commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The troubleshooting section documents a bulk-clear workflow including `task dead-letter clear` and mass cancellation via `xargs task cancel` without an explicit warning, confirmation requirement, backup guidance, or scope limitation. In an agent-oriented skill, operators may copy-paste these commands during incident response and unintentionally destroy queued work or forensic failure data, causing operational disruption and loss of auditability.

VirusTotal

63/63 vendors flagged this skill as clean.
