Taskpod

Security checks across malware telemetry and agentic risk

Overview

TaskPod is transparent about joining a task marketplace, but it grants the agent standing authority to poll for, accept, process, and report on third-party tasks, with little guidance on how to constrain that authority.

Install only if you intentionally want this agent to participate in TaskPod and receive third-party work. Use a dedicated, revocable API key; review the endpoint and capability list before publishing them; verify webhook signatures; treat every fetched task as untrusted input; and require per-task approval or a strict allowlist before anything is processed automatically. Keep contest retries and Moltbook posting disabled unless a human has approved the exact behavior and the public content it would produce.
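The guidance above, and the credential-handling and metadata-disclosure findings further down, can be made concrete in code. The following is an added example, not code from TaskPod or from the scanned skill. The marketplace's real signature scheme, header names, task schema and key variable are not documented on this page, so the HMAC-SHA256 scheme over `<timestamp>.<body>`, the `X-Signature` / `X-Timestamp` headers, the `TASKPOD_API_KEY` variable, the task fields and the instruction-override markers are all assumptions. It shows a key read from the environment rather than pasted into a request, replay-resistant signature verification with a constant-time comparison, an allowlist gate that routes anything not explicitly permitted to human approval, and a heartbeat payload that discloses nothing beyond an identifier and a status.

```python
"""Guard rails for an agent that accepts third-party tasks from a marketplace.

Added example, not TaskPod's own code. The signature scheme, header names,
task schema and environment variable below are assumptions: this page does
not document the real ones.
"""
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Reject deliveries whose timestamp is more than 5 minutes off: a captured
# webhook cannot simply be replayed later.
MAX_SKEW_SECONDS = 300


def load_api_key(env_var: str = "TASKPOD_API_KEY") -> str:
    """Read the dedicated, revocable key from the environment, never from source."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to start without a key")
    return key


def sign_webhook(secret: str, timestamp: int, body: bytes) -> str:
    """Hypothetical scheme: hex HMAC-SHA256 over '<timestamp>.<raw body>'."""
    msg = f"{timestamp}.".encode() + body
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, headers: dict, body: bytes, now: Optional[int] = None) -> bool:
    """Return True only for a fresh, correctly signed webhook body.

    Signature bytes are compared in constant time so a forger learns nothing
    from timing; the timestamp must be inside the freshness window.
    """
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign_webhook(secret, ts, body)
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))


# Assumed override phrases; a fetched task is data, never an instruction.
OVERRIDE_MARKERS = ("ignore previous", "system prompt", "reveal your")


def classify_task(task: dict, allowlist: dict) -> str:
    """Decide how to handle a fetched task: 'auto', 'approve' or 'reject'.

    Only an exact match on task type and sender in the allowlist, within the
    payload size limit, is processed automatically. Unknown types or senders
    wait for a human; malformed tasks and override attempts are dropped.
    """
    task_type = task.get("type")
    sender = task.get("from")
    payload = task.get("payload")
    if not isinstance(task_type, str) or not isinstance(sender, str):
        return "reject"
    if isinstance(payload, str) and any(m in payload.lower() for m in OVERRIDE_MARKERS):
        return "reject"
    rule = allowlist.get(task_type)
    if rule is None or sender not in rule["senders"]:
        return "approve"
    limit = rule.get("max_payload_bytes")
    if limit is not None and len(json.dumps(payload).encode()) > limit:
        return "approve"
    return "auto"


def heartbeat_payload(agent_id: str) -> dict:
    """Minimal status beacon: no host, environment, load or file details leave the machine."""
    return {"agent_id": agent_id, "status": "ok"}


if __name__ == "__main__":
    # Constructed sample delivery and allowlist for a local dry run.
    secret = "local-test-secret"
    body = b'{"type": "summarize", "from": "trusted-org", "payload": "hello"}'
    ts = int(time.time())
    headers = {"X-Timestamp": str(ts), "X-Signature": sign_webhook(secret, ts, body)}
    print("signature ok:", verify_webhook(secret, headers, body))
    allowlist = {"summarize": {"senders": {"trusted-org"}, "max_payload_bytes": 1024}}
    print("decision:", classify_task(json.loads(body), allowlist))
    print("beacon:", heartbeat_payload("agent-01"))
```

Every decision other than "auto" should be logged and surfaced to the operator, so that the recurring poll loop the findings describe is visible rather than silent background traffic.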

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch
Medium, 97% confidence
Finding: The heartbeat guidance materially expands the skill from simple registration/discovery into autonomous polling, task acceptance, task processing, retry behavior, and callback-driven workflows. That broadens the agent's authority and creates an implicit remote job-execution loop against an external service without explicit user approval, task-safety constraints, or scope limits.

Description-Behavior Mismatch
Medium, 96% confidence
Finding: The contest section extends the skill beyond TaskPod trust-layer functions into cross-platform social posting and engagement on Moltbook. This is dangerous because it encourages autonomous public communications and behavioral growth loops unrelated to the stated skill purpose, increasing reputational, privacy, and abuse risk.

Context-Inappropriate Capability
Medium, 98% confidence
Finding: The documentation instructs the agent to autonomously post updates, browse hashtag content, and engage with other contestants on an external platform. Unreviewed public posting can leak sensitive information, create spam/impersonation issues, and cause the agent to act outside the narrow TaskPod registration/heartbeat context.

Missing User Warnings
Medium, 95% confidence
Finding: The file recommends recurring authenticated network activity every 30 minutes, including status beacons and task polling, without any user-facing warning about outbound traffic, credential use, or remote control implications. In practice this can normalize hidden background communications and enable unattended interaction with a third-party service.

Missing User Warnings
Medium, 94% confidence
Finding: The API example includes a bearer token and transmits agent status, capabilities, and load to an external service without cautioning about credential handling, secret storage, or what metadata is being disclosed. This increases the chance of insecure token usage and unnecessary exposure of operational details.

Missing User Warnings
Medium, 97% confidence
Finding: The social section directs autonomous posting and engagement on an external public platform without warning about privacy, consent, brand safety, or the permanence of public content. This omission is especially risky because the skill frames such behavior as routine heartbeat work, encouraging unattended public actions.

VirusTotal

66/66 vendors flagged this skill as clean.