ClawHub

Task Dispatch

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed task-board automation helper, but users should install it only if they want an agent to run scheduled dispatches and update task state.

Review the ClawBoard repository before running its installer, use a least-privilege token, keep the workspace .env private and out of source control, and enable recurring dispatch only for task boards where automatic subagent execution and status updates are expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill includes instructions to clone, install, and start a third-party service on the local machine even though the skill is described as task dispatching. This expands the skill’s operational scope into system modification and service management, increasing attack surface and enabling unintended code execution from an external repository.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill reads an access token from one .env file and writes it into another workspace .env, effectively propagating credentials across contexts. This creates unnecessary credential exposure, increases the chance of leakage to subagents or logs, and violates least-privilege handling for secrets.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly promotes automatic task dispatch, status transitions, and failure handling against an external task board, but it does not clearly warn that enabling the skill will cause autonomous writes to external system state. This can lead operators to enable the skill without understanding that it may continuously claim tasks, launch subagents, and change statuses, creating integrity and operational risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recurring-check setup instructions tell the user to configure periodic automation, but they omit a clear notice that this establishes ongoing unattended actions against the task board. Once enabled, the agent may repeatedly inspect tasks, dispatch work, and update records without per-run user confirmation, increasing the chance of unintended changes or task churn.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrase is broad enough to overlap with normal user requests for setup help, which can cause the skill to activate in situations where the user did not intend system deployment or automated task execution. Because this skill performs environment checks, service setup, and dispatch behavior, accidental invocation could lead to material system changes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs writing API credentials into an agent workspace .env without warning about secret persistence, scope, or downstream exposure. This is dangerous because workspace files may be read by other tools, agents, or users, turning a temporary token into a broadly accessible credential.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The deployment flow clones a repository, installs dependencies, and starts services without clearly warning that it will modify the local system, create files, and run software. While such actions may be legitimate in setup contexts, omitting explicit notice and consent increases the risk of unintended changes and trust abuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal