Security audit

Productivity Automation Kit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent productivity automation template kit with local helper scripts, but users should add safeguards before adapting its business, API, messaging, or posting examples.

Safe to install as a productivity template kit. Before using the examples with real systems, add human approval for finance, CRM, email, Slack, and social posting workflows; use least-privilege tokens; avoid storing personal or customer data in plain JSON without retention and access controls; and install jq if you plan to use the reminder script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises no declared permissions while its embedded templates clearly perform local file reads and writes, creating a mismatch between declared capabilities and actual behavior. This can mislead users or reviewers about what the skill may do and weakens permission-based trust and oversight, especially in an automation-focused skill that encourages saving reports and processed data to disk.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The security statement claims the skill does not access external APIs or make network requests, yet the Bash template includes a curl call to an external endpoint with bearer-token authentication. This contradiction is dangerous because users may trust the privacy claims and supply sensitive tokens or data without realizing the workflow is designed to transmit data off-host.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill states it will not automatically send messages to third parties, but multiple workflow templates include sending email, notifications, group messages, or social media queue submissions. Such misleading assurances can cause users to enable automations that distribute information externally without appreciating the disclosure or reputational risks.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases include broad everyday expressions such as reminders, weekly planning, and productivity terms that are likely to appear in normal conversation. In an automation skill, accidental invocation is more concerning because it may lead users into workflow creation, reminders, data handling, or other actions they did not intend to start.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template stores lead and enrichment data into a CRM file after processing form submissions that may contain personal or business contact information. Because the example normalizes, enriches, scores, and stores potentially sensitive records without any privacy notice, retention guidance, access controls, or minimization language, users could implement data handling that violates privacy expectations or internal policy.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This scheduled reporting workflow pulls sales and CRM data, generates reports, and distributes them to Slack and email recipients without any warning about confidentiality, audience restriction, or redaction. In a productivity skill, this is more dangerous because users may copy the template directly into business environments, unintentionally exposing internal metrics or customer-related CRM data to overly broad channels.

External Transmission

Medium
Category
Data Exfiltration
Content
# Step 1: Data collection
log "采集数据..."
DATA=$(curl -s -H "Authorization: Bearer $API_TOKEN" \
  "https://api.example.com/endpoint" || echo "")

# Step 2: Data validation
if [ -z "$DATA" ]; then
Confidence
94% confidence
Finding
https://api.example.com/

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.