ClawHub

Agent Task Logger

Security checks across malware telemetry and agentic risk

Overview

This is a local task logger whose main risk is that command and error text may be saved in workspace log files.

Install only if you want local task logging. Keep the log directory in a trusted workspace, restrict access to it where appropriate, rotate or delete old logs, and avoid logging API keys, passwords, customer data, private paths, or other secrets in task names, command strings, or error messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README defines very broad natural-language trigger phrases such as '初始化日志系统' and '查看任务日志' without clear invocation boundaries, confirmation requirements, or exclusions. In an agent environment, this can cause accidental activation from ordinary conversation or embedded text, leading to unintended logging actions and possible leakage of task metadata or commands into persistent files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation encourages logging executed commands and error messages, but does not warn that these fields may contain secrets such as tokens, passwords, internal paths, or sensitive operational details that will be written to persistent log files. Because the skill is specifically designed to capture shell commands and failures, the surrounding context makes secret exposure more likely than in generic logging documentation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages logging task names, shell commands, statuses, and error messages to persistent files, but it does not warn that these fields may contain secrets, tokens, file paths, internal hostnames, or other sensitive operational data. Because the logs are intended to be long-lived and tail-able, this increases the chance of accidental disclosure to other local users, backup systems, or later tooling that reads the log directory.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal