Ocas Triage

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only scheduler skill that openly manages task order and local queue logs, with privacy and accidental-invocation risks users should understand.

Install this only if you want a local scheduler to control task ordering, interruptions, and Mentor heartbeat cadence. Avoid putting secrets or highly sensitive details in task text, and periodically review or clear `.triage/` data if retained queue history or journals are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly states that the skill maintains a durable task queue and decision logs on disk, but it does not warn users that operational data will persist across sessions. In a scheduler/triage component, those records can contain task names, routing decisions, priorities, and workflow metadata, which may expose sensitive operational context if users assume the tool is ephemeral.

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation examples include very broad, natural-language phrases such as checking what is being worked on or what is pending. In a conversational system, these overlap with ordinary user speech and can unintentionally trigger the scheduler skill, causing task-state exposure, queue manipulation, or unintended routing/preemption when the user may have meant a casual question rather than a control action.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly documents durable writes to multiple local files, including queue, signals, decisions, history, journals, and reports, but does not provide any user-facing warning, consent model, or retention guidance. This creates a real privacy and safety risk because user tasks, operational metadata, and potentially sensitive work details may be persisted unexpectedly and later exposed, retained longer than intended, or consumed by other components polling those files.

Vague Triggers

Medium
Confidence: 83%
Finding
The description is broad enough to match many generic task-management or prioritization requests, which can cause the agent to invoke this system skill outside its narrow intended scope. Because it is a system-type skill that can influence execution order, preemption, and checkpointing, overbroad triggering increases the chance of unintended control over workflow and attention allocation.

VirusTotal

66/66 vendors flagged this skill as clean.
