Dev Project Manager

Security checks across malware telemetry and agentic risk

Overview

This project-management skill appears useful, but its templates may let an agent change local project state and Asana tasks more broadly than the metadata discloses.

Review the templates before installing. Only use this skill in workspaces where you are comfortable with an agent editing project state and creating or changing tasks, and require explicit confirmation before any local file, queue, or Asana mutation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding:
The template instructs the PM skill to inspect and modify local project state files, workspace documents, and queue files even though the skill metadata says it does not interact with repositories or perform direct operational actions. This creates a capability/expectation mismatch that can cause an agent to take filesystem-driven actions outside its declared scope, increasing the risk of unauthorized state changes, workflow tampering, or confusing operators about what the skill is allowed to do.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The checklist includes direct Asana setup and task-creation actions despite the manifest explicitly stating that this skill does not make Asana API calls directly. In an agentic environment, contradictory instructions can lead orchestration layers or downstream agents to overstep permissions, perform unauthorized project changes, or bypass intended separation between planning and execution skills.

Vague Triggers

Medium
Confidence: 89%
Finding:
The trigger conditions are extremely broad and cover common phrases like project status, requirements, kickoff, and engineering review. This can cause the skill to activate in unrelated conversations and begin reading or modifying project files, queues, and task systems in contexts where that behavior was not intended, increasing the risk of cross-context actions and unauthorized workflow changes.

VirusTotal

65/65 vendors flagged this skill as clean.
