Smart Tasks

Security checks across malware telemetry and agentic risk

Overview

This is a coherent markdown task manager, but users should review its optional workspace-integration and scheduled cleanup behavior before enabling them.

Install only if you are comfortable with a local tasks/ directory being used as persistent task memory. Review and explicitly approve any proposed edits to AGENTS.md, SOUL.md, HEARTBEAT.md, or self-improving/tasks.md. If you enable cron jobs, check the messaging channel, schedule, and weekly archive cleanup behavior first, especially in workspaces containing sensitive task details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill explicitly instructs applying workspace integration changes outside the `tasks/` area, which expands its effective write scope beyond simple markdown task management. Even with user approval mentioned, this creates a privilege/scope mismatch that can lead to unintended edits to sensitive workspace control files and increases the blast radius of the skill.

Intent-Code Divergence

High
Confidence: 98%
Finding
The document claims the skill does not modify files outside its own directory, but elsewhere instructs changes to AGENTS.md, SOUL.md, and HEARTBEAT.md. This contradiction is dangerous because it can mislead reviewers and users about the skill's actual behavior, undermining trust boundaries and making unauthorized or surprising workspace modifications more likely.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The integration guidance extends the skill into creating or updating `self-improving/tasks.md`, which is outside the task-storage area and not necessary for core task CRUD functionality. This broadens persistent write access and can create hidden cross-skill state or logs that users may not expect from a task manager.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The weekly review template goes beyond summarization and planning by autonomously moving files in tasks/done/ to archive locations and changing file status. That introduces state-changing maintenance behavior in a review/reporting workflow, which can unexpectedly alter user data and make task history harder to track or recover if the archival logic is wrong.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation criteria are broad enough to match ordinary discussion about work, deadlines, and things to do, which increases the chance of the skill engaging without clear user intent. In a write-capable skill, ambiguous invocation is risky because it can lead to unsolicited creation or modification of persistent task files based on casual conversation.

Vague Triggers

Medium
Confidence: 92%
Finding
Stating that no special commands are needed for common task-related mentions makes invocation ambiguous and encourages the agent to infer write actions from ordinary language alone. Given that this skill persists data to the workspace, that ambiguity can cause accidental task creation, updates, or status changes without sufficiently explicit consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The template performs destructive file operations and metadata updates without any warning, preview, or confirmation step. In a scheduled cron context, this is especially risky because it can repeatedly mutate workspace files unattended, causing accidental data loss, mis-archival, or silent corruption of the task system.

VirusTotal

63/63 vendors flagged this skill as clean.
