Security audit

Intelligent Task Planner

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad task orchestrator that asks to become the mandatory gatekeeper for all agent requests and to auto-install other skills, a combination that needs human review before use.

Install only if you intentionally want a global agent orchestrator. Before enabling it, disable system-prompt override, exclusive/intercept-all routing, and default auto-installation; require explicit confirmation before installing or invoking other skills; and review any executable code or downstream skills separately. The static scan was clean and VirusTotal was pending, so the review verdict is based on the artifact’s own broad control and installation instructions, not on malware telemetry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

Severity: High. Confidence: 99%.

The manifest explicitly enables force mode, exclusivity, interception of all inputs, and agent-level overrides including system prompt override. That behavior exceeds a normal task-planning skill and creates a control-plane risk where one skill can dominate routing, suppress other safeguards, and reshape agent behavior globally.

Context-Inappropriate Capability

Severity: High. Confidence: 99%.

The documentation instructs operators to deploy this skill as a mandatory front controller for all user inputs, make it first priority, and enforce all execution through its planning chain. This broadens the skill from orchestration into total mediation, increasing the blast radius of any bug, prompt abuse, or malicious downstream installation behavior.

Vague Triggers

Severity: High. Confidence: 98%.

The trigger pattern '.*' matches essentially every natural-language input, making unintended invocation the default. Combined with this skill's orchestration and auto-install behavior, universal matching can hijack unrelated requests and route them through risky execution paths without clear user intent.

Vague Triggers

Severity: High. Confidence: 96%.

The markdown describes activation across a very wide range of common activities, from writing and coding to travel and emotional advice, without meaningful boundaries. Such overbroad scope makes accidental capture and overreach more likely, especially when paired with universal triggers and exclusive routing guidance.

Missing User Warnings

Severity: Medium. Confidence: 97%.

The skill advertises automatic discovery and installation of missing skills from multiple sources, including community sources, without a prominent warning or trust boundary. This creates a supply-chain and environment-modification risk because ordinary user prompts could cause new code or capabilities to be fetched and integrated automatically.

Missing User Warnings

Severity: Medium. Confidence: 97%.

The documentation again promotes automatic download and installation of community skills but omits strong warnings about executing untrusted third-party code or altering the agent environment. In a planner that may handle arbitrary user requests, this materially increases supply-chain exposure and unsafe capability expansion.

Ssd 1

Severity: High. Confidence: 99%.

The configuration directs the agent to override its own system prompt and force all inputs through this skill with exclusive priority. A skill that can supersede core instructions and mediate every request can disable defense-in-depth, bypass intended routing, and amplify any malicious or unsafe behavior in itself or its downstream dependencies.

Ssd 1

Severity: High. Confidence: 99%.

The deployment instructions tell operators to place this skill first, assign highest priority, enable exclusive handling, intercept all inputs, and force the agent to obey its plan before acting. That effectively subordinates the rest of the agent to one third-party skill, creating a single point of failure and a strong avenue for policy bypass or persistent unsafe orchestration.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.