Long Task Handoff

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local handoff-note manager for long agent tasks. It updates workspace files automatically, which users should understand, but there is no evidence of hidden exfiltration or destructive behavior.

Install this only if you want automatic restart handoffs for long coding sessions. Review or delete `handoffs/ACTIVE.md` and old handoff files when changing tasks, avoid passing secrets into handoff payloads, and treat any recovered handoff as context to verify before acting on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill description embeds broad activation conditions such as resumed sessions, low-context hooks, and user restart-related phrasing, which can match many normal agent interactions. That can cause the skill to run when not actually needed, leading to unintended file writes (for example updating ACTIVE.md or handoff files) and unnecessary recovery behavior based on ambiguous conversational cues.

Vague Triggers

Medium
Confidence: 97%
Finding
The automatic behavior section treats common phrases like "continue," "keep going," "继续," and "接着做" as triggers to run recovery before asking for context. These are everyday phrases that can appear in unrelated conversations, so the skill may activate and read or act on workspace handoff state without clear user intent, increasing the chance of context confusion or unintended state transitions.

Vague Triggers

Medium
Confidence: 90%
Finding
The continuation trigger list is broad enough to match ordinary conversational phrases like 'continue' or 'keep going' without requiring strong evidence that a prior session exists. In an agent workflow, this can cause unintended handoff recovery or state resurrection, which may make the agent act on stale or incorrect context and perform actions the user did not explicitly reauthorize.

Vague Triggers

Medium
Confidence: 87%
Finding
The automatic activation policy uses qualitative conditions such as 'substantial workspace state' and 'similar after a restart' without clear boundaries or precedence rules. Ambiguous auto-triggering in a security-sensitive agent can lead to unsolicited persistence, recovery, or cross-session state carryover, increasing the risk of confusing task state, leaking prior context, or taking actions based on unintended assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.
