项目流程管理器 (Project Process Manager)

Security checks across malware telemetry and agentic risk

Overview

This project-management skill is not malicious, but it needs review: its file paths are not confined to the project directory and its generated HTML is not escaped, so untrusted input can lead it to read or write unintended files or expose project data.

Install only if you are comfortable with a local-file project tracker. Use trusted project IDs and trusted JSON data, keep generated reports/boards/email drafts private, and avoid opening generated HTML boards from imported or shared project data until the HTML escaping and path confinement issues are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises file-backed project management workflows and explicitly references reading and writing JSON, report, and board files, but it does not declare corresponding permissions. Undeclared file access weakens user awareness and policy enforcement, increasing the chance that the skill can access or modify local data without informed consent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The HTML generator interpolates untrusted project and task fields such as project name, task name, assignee, endDate, and blockers directly into HTML and even into attribute contexts like style values without escaping or validation. If a project JSON contains attacker-controlled content, opening the generated board in a browser can trigger stored XSS or HTML/script injection, which is more dangerous in this skill because generating and viewing rich project dashboards is a core workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes outbound email reminders and scheduled reminder behavior, but it does not clearly warn users that it may send external communications or perform automated actions over time. This can lead to unintended disclosure of project status or personnel information and surprise background activity if enabled without explicit consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores project records locally in JSON files and supports export, including personnel, departmental ownership, and operational progress data, but it does not prominently warn users about this persistence and exportability. That omission can cause users to place sensitive business or personal data into files that are easier to copy, back up, or exfiltrate than expected.

VirusTotal

66/66 vendors flagged this skill as clean.