Dev Project Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a local project-documentation helper, but users should understand that it can persist project progress and personnel details into logs or long-term memory.

Install only if you want an agent to maintain local project-tracking files. Avoid using it for confidential personnel or project details unless you are comfortable with those details being written to logs or long-term memory, and require explicit confirmation before any archive step that deletes the original project directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill’s stated scope is project documentation under `projects/<project>/<requirement>/`, but its instructions also write project data into `memory/YYYY-MM-DD.md` and a long-term `memory_store`. That creates cross-boundary data propagation, increasing the chance of unintended retention, privacy leakage, and contamination of unrelated personal or agent memory contexts.

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill explicitly instructs the agent to copy project progress into `memory/YYYY-MM-DD.md`, while later stating that project progress must not be mixed into personal logs. This contradiction is dangerous because the operational step will likely win in execution, causing sensitive project updates to be duplicated into a broader, less appropriate location and violating expected data separation.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad, everyday phrases such as '新需求', '建个项目目录', and '记一下进展', which can match normal conversation without clear user intent to invoke this skill. In an agent environment with file-write capabilities, accidental activation can lead to unintended directory creation, document updates, or archival actions.

Vague Triggers

Medium
Confidence: 90%
Finding
The condition '收到"记录进展"或项目相关更新时' is ambiguous because 'project-related updates' is broad and subjective. This makes it easy for incidental conversation to be interpreted as an instruction to append logs and sync data elsewhere, causing unintended writes and possible disclosure of information that the user did not intend to persist.

VirusTotal

63/63 vendors flagged this skill as clean.
