Task Harness

Security checks across malware telemetry and agentic risk

Overview

This task-planning skill is not malicious, but it needs review because it can create persistent repository workflow files and instruct agents to push changes remotely without an approval gate.

Install only if you want a persistent task-management harness added to your repository. Review generated files, especially AGENTS.md and init.sh, and require explicit approval before any commit or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to create and modify multiple files in the project root without explicitly warning the user that repository contents will be changed. In an agentic environment, silent writes can alter tracked files, introduce review noise, or overwrite local conventions, especially if the skill auto-triggers from vague planning language.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs execution of a shell script (`bash init.sh`) but provides no safety notice, inspection step, or restriction on what the script may contain. In agent workflows, normalizing shell execution without review increases the risk of running unintended commands, especially because the same skill is responsible for generating the script content.

Missing User Warnings

Medium
Confidence: 96%
Finding
Mandating `git push` without warning the user means local work may be transmitted to a remote repository automatically, which can expose proprietary code, secrets, or unfinished changes outside the local environment. In a long-running agent context, automatic remote synchronization is materially more dangerous than local file edits because it crosses a trust boundary and may be irreversible once mirrored or reviewed by external systems.

VirusTotal

66/66 vendors flagged this skill as clean.