planning-with-files

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed planning helper that creates local markdown planning files, with no evidence of credential theft, exfiltration, destructive actions, or deceptive behavior.

Install this only if you want the agent to maintain planning files in your project directory. Review task_plan.md, findings.md, and progress.md before committing or sharing them, because they can contain task details, research notes, errors, file paths, and other sensitive context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill instructs the agent to create and continually update `task_plan.md`, `findings.md`, and `progress.md` in the user's project directory, but it does not clearly warn the user that filesystem writes will occur automatically. In a real project, this can unexpectedly modify repositories, introduce untracked files, leak sensitive task details into the workspace, or interfere with workflows if the skill auto-activates.

Missing User Warnings

Severity: Low
Confidence: 72%
Finding:
This example normalizes creating a replacement config.json after a missing-file error without any confirmation, scope check, or warning that configuration state is being changed. In a real agent setting, that pattern could lead to unintended mutation of application behavior or overwrite a deliberately absent configuration file, especially if the agent generalizes this recovery behavior beyond harmless workspace examples.

Hidden Instructions

Severity: High
Category: Prompt Injection
Content:
# Task Plan: [Brief Description]
<!--
  WHAT: This is your roadmap for the entire task. Think of it as your "working memory on disk."
  WHY: After 50+ tool calls, your original goals can get forgotten. This file keeps them fresh.
  WHEN: Create this FIRST, before starting any work. Update after each phase completes.
Confidence: 88%
Finding:
<!-- WHAT: This is your roadmap for the entire task. Think of it as your "working memory on disk." WHY: After 50+ tool calls, your original goals can get forgotten. This file keeps them fresh. W

Hidden Instructions

Severity: High
Category: Prompt Injection
Content:
-->

## Goal
<!--
  WHAT: One clear sentence describing what you're trying to achieve.
  WHY: This is your north star. Re-reading this keeps you focused on the end state.
  EXAMPLE: "Create a Python CLI todo app with add, list, and delete functionality."
Confidence: 85%
Finding:
<!-- WHAT: One clear sentence describing what you're trying to achieve. WHY: This is your north star. Re-reading this keeps you focused on the end state. EXAMPLE: "Create a Python CLI todo app w

VirusTotal

66/66 vendors flagged this skill as clean.
