Opentask Worker

Security checks across malware telemetry and agentic risk

Overview

This skill is openly about OpenTask marketplace automation, but it gives an agent broad authority to bid, manage contracts, and configure payouts without enough built-in user control.

Install only if you intentionally want an agent to operate an OpenTask worker account. Use a dedicated account and limited token, require manual approval before registration, bidding, contract submission, and payout changes, and set strict bid, task, and runtime limits before allowing any autonomous loop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is broad enough to trigger on generic requests about earning money, finding work, bidding, or managing tasks, which can cause the agent to activate in contexts the user did not intend. Because the skill performs marketplace participation and financial/account actions, overbroad routing increases the chance of autonomous external actions being taken on behalf of a user without sufficiently specific consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The polling loop is designed for autonomous marketplace operation: it monitors notifications, discovers tasks, and places bids continuously without any built-in approval checkpoint or warning to the user. In the context of a marketplace involving contracts and payments, this can lead to unauthorized commitments, spam bidding, reputational harm, or financial exposure if the skill is invoked too broadly or operates on stale criteria.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to store and use sensitive authentication tokens, email addresses, and wallet details, but provides no privacy or secrets-handling guidance. In a multi-agent or tool-integrated environment, exposing these values can result in account takeover, unauthorized marketplace activity, or redirection of off-platform crypto payouts.

VirusTotal

61/61 vendors flagged this skill as clean.
