TaskboardAI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent TaskBoardAI Kanban integration, but it can persist task context and summaries outside the chat if used as documented.

Install this only if you want TaskBoardAI to retain task details outside the chat. Verify the npm package and MCP server path, avoid saving secrets or sensitive business data in cards, and narrow the optional AGENTS.md trigger if you want task creation only after explicit user commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README describes automated task management but does not clearly warn users that task content and later summaries may be written to an external TaskBoard system. This creates a transparency and consent problem: users may provide sensitive data assuming it remains within the chat, while the skill is designed to persist it externally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The workflow explicitly tells the agent to write full context and final results into task cards without any user-facing warning or consent gate. That behavior can persist sensitive prompts, proprietary information, credentials, or personal data into an external system, increasing exposure beyond the immediate conversation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition is overly broad because it permits activation not only on an explicit marker but also whenever the agent decides a task should be tracked. This can cause the skill to activate and exfiltrate conversation-derived content to TaskBoard without a clear user request or informed intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The English workflow repeats the same ambiguous auto-activation rule, reinforcing behavior where the agent may send data to the task board based on its own judgment rather than explicit user instruction. In the context of an external persistent system, ambiguous activation materially increases privacy and data-handling risk.

Ssd 3

Medium
Confidence
98% confidence
Finding
The protocol directs the agent to persist the user's full task context and final results in task card content for later reference. This creates durable storage of potentially sensitive or regulated data in an external system, expanding the attack surface through retention, sharing, logs, backups, and board access permissions.

Ssd 3

Medium
Confidence
98% confidence
Finding
The AGENTS.md guidance again instructs persistent storage of full context and final summaries, making data leakage a built-in operating pattern rather than an incidental behavior. Because the task board is intended for future reference, the risk is amplified by long-term retention and reuse of user-provided content outside the original chat boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
