Qclaw Task Submitter

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible WorkBuddy bridge, but it can hand broad local file, document, analysis, and automation tasks to an immediate executor without clear confirmation, scope limits, or cancellation guidance.

Install only if you already trust the local WorkBuddy bridge and have inspected its qclaw_queue.py helper. Before use, confirm exactly what task, files, folders, and schedule will be sent, avoid secrets or sensitive documents unless intended, and make sure you know how to cancel or undo WorkBuddy actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases and routing guidance are broad enough to match common requests such as generating reports, analyzing files, or organizing folders, which can cause the agent to hand off more user requests than necessary to an external executor. This increases the chance of unintended task delegation, including sending sensitive prompts, file paths, or operational instructions to WorkBuddy without sufficiently narrow user intent confirmation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to submit tasks, original intent, and arbitrary JSON context to WorkBuddy, including examples with usernames and local file paths, but provides no user-facing warning or consent mechanism for external transmission and execution. In a skill specifically designed to offload work to another system, this omission is significant because it can expose sensitive content, metadata, and local environment details to a separate execution pipeline without clear notice.

VirusTotal

No VirusTotal findings
