Back to skill

Security audit

TaskMaster - AI Cost Optimizer

Security checks across malware telemetry and agentic risk

Overview

TaskMaster is a disclosed task-planning and cost-tracking skill, but its cost tracking is less complete than the documentation claims.

Install only if you want a helper that plans OpenClaw sub-agent work and records local cost history. Review generated sessions_spawn commands before running them, set explicit budgets, treat cost data as estimates unless you verify token usage separately, and avoid sensitive details in task descriptions because they may be written to taskmaster-costs.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill advertises orchestration via an external script and mentions basic file operations, yet no explicit permissions are declared. That mismatch can cause the host or user to underestimate the skill’s ability to read or write local data, which is risky in a project-management skill that may touch many files while coordinating tasks. The context increases concern because delegation and aggregation workflows commonly process broad workspace content, amplifying accidental overreach if permission boundaries are unclear.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The method claims to retrieve actual token usage from completed sessions, but it uses hardcoded placeholder token counts and falls back to estimates. In a delegation and budget-management skill, this can misstate spend, defeat budget enforcement, and mislead downstream decisions that rely on accurate cost telemetry.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
This updater presents placeholder-derived values as actual completed-session costs and then mutates the tracked budget using them. That can corrupt budget accounting and cause overuse, underreporting, or unsafe planning decisions in a system whose purpose is cost-controlled delegation.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The execution path reports success and returns a simulated result even though it never actually executes the delegated task. In an orchestration skill, this can cause false completion, skipped work, bad dependency resolution, and trust in outputs that were never produced.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The README explicitly encourages sub-agent spawning and local cost-history file operations, but it does not warn users that these actions can create additional compute activity, spend budget, and write persistent artifacts to disk. In a task delegation skill, omission of these operational warnings can lead to unintended system-impacting behavior, especially if users assume the examples are side-effect free.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Task descriptions are persisted to a local JSON file without notice, minimization, or access controls. Because delegated tasks may contain sensitive prompts, customer data references, or internal project details, this creates an avoidable data exposure and retention risk.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.