Task Ledger

Security checks across malware telemetry and agentic risk

Overview

Task Ledger is coherent and not malicious, but it needs Review because it can resume side-effectful workflows from a vague trigger and its helper scripts persist operational state with under-scoped local writes.

Install only in workspaces where persistent task files, logs, outputs, and copied helper scripts are acceptable. Use explicit task IDs when resuming, avoid task slugs or stage names copied from untrusted text, verify real system state before continuing any deploy/restart/sync task, and do not share exported reports if they contain process, session, or cron identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Low (84% confidence)
Finding
The skill instructs the agent to copy bundled assets into the workspace root and create runtime directories, which are filesystem modifications, but it does not give a clear user-facing warning about that impact before first use. Although it says not to overwrite modified files silently and to report what was installed, users may still be surprised by workspace changes if consent is not explicitly obtained at the point of modification.

Vague Triggers

Medium (91% confidence)
Finding
The trigger phrase "continue" is extremely generic and can be invoked during normal conversation, causing the agent to enter a task-resumption workflow without clear user intent. In this skill, that can expose prior task metadata or resume actions tied to long-running jobs and external side effects, making accidental execution materially risky.

VirusTotal

63/63 vendors flagged this skill as clean.