TaskMaster - AI Cost Optimizer

Security checks across malware telemetry and agentic risk

Overview

TaskMaster is a disclosed task-delegation and cost-tracking skill, with no evidence of hidden execution, exfiltration, or destructive behavior.

Install only if you are comfortable with a skill that helps plan delegated OpenClaw sessions and records local cost history. Review generated sub-agent commands before running them, set clear budgets, avoid putting secrets in task descriptions, and delete or rotate taskmaster-costs.json and kept sessions when task history should not persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises orchestration capabilities that imply file read/write operations via referenced scripts and task management, but it does not declare corresponding permissions. This creates a transparency and least-privilege problem: users and policy enforcement layers may not understand the skill’s real capabilities, increasing the chance of unintended file access or modification during delegated task execution.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The method is documented and presented as executing tasks with real token tracking, but it only prints and returns a spawn instruction while marking the task as successful and assigning an estimated cost as if execution occurred. In a delegation/orchestration skill, this can mislead downstream automation, corrupt budget accounting, and cause operators to make security or cost decisions based on false execution state.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The function claims to retrieve actual token usage from a completed session, but it uses hardcoded placeholder token counts and computes a fabricated 'actual' cost. In a task-delegation system, inaccurate cost telemetry can bypass budget controls, hide overspend, and undermine trust in audit data used for operational and security governance.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description is very broad and encourages use for generic complex work, research projects, and multi-step workflows without clear limits on when the skill should or should not be invoked. In practice, this can cause over-triggering in sensitive contexts, leading the skill to delegate tasks, access files, or orchestrate sub-agents for requests that should have remained constrained or manually reviewed.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README explicitly states that a `taskmaster-costs.json` log will be created and used for full tracking history, but it does not warn users that operational metadata and usage details will be persisted locally. In a task delegation system, such logs can expose task names, budgets, model usage, or session-related identifiers to other local users, backups, or downstream tooling if users are unaware of the persistence.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The web scraping template explicitly instructs scraping external websites and rate-limited requests, but provides no warning that use of this template may cause outbound network access or transmit retrieved external data back through the agent workflow. In a task-delegation skill, this omission can lead users to trigger external interactions without informed consent, increasing privacy, compliance, and policy risk even if the template itself is not directly malicious.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The cost logger persists full task descriptions to a local JSON file without minimization, consent, or access controls. Because task descriptions in this skill may contain user prompts, project details, secrets, or sensitive business context, this creates a local data exposure and retention risk beyond the immediate execution flow.

VirusTotal

59/59 vendors flagged this skill as clean.
