Commitment Engine

Security checks across malware telemetry and agentic risk

Overview

This is a real commitment-tracking skill, but it can persist user tasks and create future cron-triggered actions without clear approval or cleanup controls.

Install only if you intentionally want the agent to keep a persistent commitment ledger and schedule future reminders or actions. Before using it, confirm how entries and cron jobs can be reviewed, changed, canceled, and deleted, and avoid storing sensitive commitments unless you are comfortable with them persisting across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill explicitly instructs creation of an external scheduled job using `openclaw cron add`, which extends behavior beyond passive note-taking into autonomous future execution. This is dangerous because it can persist actions outside the immediate user interaction and may continue triggering without clear user consent, review, or lifecycle controls.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill mandates writing user commitments to `workspace/commitments.md` and also recording state changes into memory, creating persistent storage of potentially sensitive task and time data. Without clear disclosure, consent, retention limits, or data minimization, users may unknowingly have personal schedules and obligations stored long-term.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes recurring commitments that may automatically register cron jobs for future execution but does not warn users that this creates ongoing scheduled behavior. Hidden autonomous scheduling is risky because it can outlast the original conversation, surprise users, and repeatedly trigger actions or reminders without renewed approval.

VirusTotal

64/64 vendors flagged this skill as clean.
