Asana

Security checks across malware telemetry and agentic risk

Overview

This Asana skill appears purpose-built rather than deceptive, but it grants broad live workspace write access and local-file upload capability with limited built-in confirmation or containment.

Install only if you want an agent to manage real Asana data. Use the least-privileged PAT available, store it in a secret-aware config path, avoid exposing it with config read commands, and require explicit human approval before task mutations, comments/status updates, timeline shifts, or uploading local files.
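The recommendations above can be enforced mechanically rather than left to the agent's judgment. The following is an added example, not code from the Asana skill or from OpenClaw: a small policy layer that sits between an agent and the Asana REST API, reads the PAT from `ASANA_PAT` (the name the skill's setup uses), classifies each planned request as read, mutate or upload, blocks anything but reads until a human approval callback says yes, keeps the token out of `repr()` and logs, and stores an `/events` sync token with owner-only permissions. The guard, its class and function names, the approval callback and the sample paths are assumptions for illustration; only the HTTP-method semantics and the `/tasks`, `/attachments` and `/events` endpoint layout come from Asana's public API.

```python
import os
import stat
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple

# Asana's REST API is read-only over GET; POST/PUT/DELETE change workspace state.
MUTATING_METHODS = {"POST", "PUT", "DELETE"}


@dataclass(frozen=True)
class PlannedCall:
    """A request the agent intends to make, described before it is sent."""
    method: str
    path: str                          # e.g. "/tasks/1201" (constructed id)
    body: Optional[dict] = None
    upload_file: Optional[str] = None  # local path for an attachment upload


class ApprovalRequired(Exception):
    """Raised when a state-changing call was not explicitly approved by a human."""


def classify(call: PlannedCall) -> str:
    """Return 'read', 'mutate' or 'upload' for a planned call.

    Uploads get their own class because they move a local file off the machine,
    a stronger action than editing a field on a task.
    """
    method = call.method.upper()
    is_attachment_post = method == "POST" and call.path.rstrip("/").endswith("/attachments")
    if call.upload_file is not None or is_attachment_post:
        return "upload"
    if method in MUTATING_METHODS:
        return "mutate"
    return "read"


class AsanaGuard:
    """Holds the PAT and gates every non-read call behind an approval callback.

    The token never appears in repr() or in anything passed through redact(),
    so a config dump or a traceback does not leak it.
    """

    def __init__(self, token: str, approve: Callable[[str], bool]) -> None:
        self._token = token
        self._approve = approve
        self.audit: List[Tuple[str, str]] = []  # (decision, summary) per call

    @classmethod
    def from_env(cls, approve: Callable[[str], bool], environ=None) -> "AsanaGuard":
        # Read the PAT from the environment rather than from a config file the
        # agent could print back to the user with a config read command.
        env = os.environ if environ is None else environ
        token = env.get("ASANA_PAT")
        if not token:
            raise RuntimeError("ASANA_PAT is not set")
        return cls(token, approve)

    def authorize(self, call: PlannedCall) -> Dict[str, str]:
        """Return the auth header for an approved call, or raise ApprovalRequired."""
        kind = classify(call)
        summary = f"{kind}: {call.method.upper()} {call.path}"
        if call.upload_file:
            summary += f" <- {call.upload_file}"
        if kind != "read" and not self._approve(summary):
            self.audit.append(("denied", summary))
            raise ApprovalRequired(summary)
        self.audit.append(("allowed", summary))
        return {"Authorization": f"Bearer {self._token}"}

    def redact(self, text: str) -> str:
        """Scrub the PAT from any string about to be logged or shown."""
        return text.replace(self._token, "[REDACTED]")

    def __repr__(self) -> str:
        return "AsanaGuard(token=[REDACTED])"


def save_sync_token(path: str, sync_token: str) -> int:
    """Persist an /events sync token readable only by the current user.

    Returns the file's permission bits so callers can verify they are 0o600.
    """
    p = Path(path)
    p.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(p, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(sync_token)
    os.chmod(p, 0o600)  # the file may have pre-existed with looser bits
    return stat.S_IMODE(p.stat().st_mode)


if __name__ == "__main__":
    # Constructed demo: deny everything so the blocked mutation is visible.
    guard = AsanaGuard("1/000000:constructed-example-token", approve=lambda s: False)
    print(guard.authorize(PlannedCall("GET", "/tasks/1201")))
    try:
        guard.authorize(PlannedCall("PUT", "/tasks/1201", body={"completed": True}))
    except ApprovalRequired as exc:
        print("blocked:", exc)
```

The approval callback is where a runtime would prompt the human with the summary string; in a non-interactive run it should default to denying, so a dry run of the agent produces an audit trail of intended mutations without performing any of them.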

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity
Medium
Confidence
91%
Finding
The skill is user-invocable and broadly scoped to many Asana management actions, including destructive and state-changing operations, without clear activation boundaries or trigger constraints. In an agent setting, this increases the chance the skill is invoked opportunistically or from ambiguous user intent, leading to unintended reads or modifications of live Asana data.

Missing User Warnings

Severity
Medium
Confidence
94%
Finding
This section documents create, update, and complete operations against live Asana resources but does not prominently warn that the commands mutate production workspace data. In agent-driven use, missing warnings can cause accidental task creation, status changes, or project edits when a user expects a dry run or informational action.

Missing User Warnings

Severity
Medium
Confidence
88%
Finding
The skill supports attachment uploads and local storage of event sync tokens without explaining data retention, local filesystem persistence, or privacy implications. This can expose sensitive files, metadata, or activity history to other local users, containers, logs, or future runs if storage locations and handling guarantees are unclear.

Session Persistence

Severity
Medium
Category
Rogue Agent
Content
## Setup (PAT)

1. Create a PAT: Asana → Developer App / PAT settings (see Asana docs: Personal access token).
2. Provide it to the runtime as `ASANA_PAT`.

### Recommended: store the PAT in OpenClaw config (non-interactive)
Confidence
82%

VirusTotal

64/64 vendors flagged this skill as clean.
