task-orchestrator-cron-heartbeat-subagent

Security checks across malware telemetry and agentic risk

Overview

This scheduling skill is mostly coherent, but it needs review because it can create recurring message-sending automations and still contains hard-coded recipient and timezone examples.

Review before installing if you plan to let it create cron or heartbeat automations. Replace every recipient ID, accountId, channel, agentId, and timezone with your own values, require confirmation before sending messages or creating recurring tasks, and define exact inbox/calendar urgency rules and cooldowns before enabling monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (84% confidence)
Finding:
The quick-reference trigger phrases are broad and ambiguous, such as 'regularly check' or 'continuously monitor,' which could match ordinary conversation and cause unintended task creation or mode selection. In an agent skill, loose natural-language triggers can be exploited through prompt phrasing to steer the agent into persistent or autonomous behavior the user did not clearly request.

Natural-Language Policy Violations

Medium (82% confidence)
Finding:
The guide hardcodes a timezone of Asia/Shanghai in task creation examples and troubleshooting guidance without indicating that the user's locale should be detected or confirmed. This can cause scheduled actions to run at the wrong time, which becomes a security and reliability issue when tasks send messages, monitor systems, or trigger automation.

Vague Triggers

Medium (93% confidence)
Finding:
The event trigger uses a loosely defined signal, "urgent_inbox", with a threshold of 1, which can cause unintended activation from ordinary or mislabeled inbox events. In an orchestrator that can notify, remind, or launch downstream pipeline behavior, ambiguous triggers increase the chance of unauthorized or unnecessary automated actions.

Vague Triggers

Medium (95% confidence)
Finding:
The condition "unread_urgent >= 1" relies on an undefined concept of "urgent", so different components may interpret it inconsistently or too broadly. That ambiguity can let low-quality classifications or manipulated metadata trigger reminder/notification logic unexpectedly, reducing trust in the orchestrator and potentially causing alert abuse.

Missing User Warnings

Medium (89% confidence)
Finding:
The template explicitly includes network access, file read/write, and command execution as resource requirements, but provides no accompanying warning, approval gate, or constraint guidance for operators. In an agent orchestration context, this can normalize assigning sensitive capabilities to subagents without user awareness, increasing the chance of unintended data exfiltration, destructive file changes, or unsafe shell execution.

VirusTotal

67/67 vendors flagged this skill as clean.
