task-plan-generator_cn

Security checks across malware telemetry and agentic risk

Overview

This planning skill writes local task-planning reports and reads a small set of planning resource files; this behaviour is disclosed and aligned with its stated purpose.

Install only if you are comfortable with local task reports being written under task_reports, possible reads of plan_source.md from the workspace/parent/home resource path, and automatic cleanup of old reports. Avoid using it for sensitive tasks in shared or synced directories unless those reports are acceptable to retain locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability
Medium, 89% confidence

Finding: The skill recommends shell-based aggregation of archived reports using commands like cat, grep, and jq. In a planning skill, introducing shell execution for routine report parsing expands the attack surface unnecessarily, can process more files than intended via globbing, and may expose sensitive archived task data if executed without strict scoping.

Missing User Warnings
Medium, 96% confidence

Finding: The skill states that it will generate and archive a report after each task, but does not clearly warn the user that task outcomes will be written to disk. This creates undisclosed persistence of task metadata and possibly sensitive execution details, which is a privacy and data-governance issue in a general-purpose planning skill.

Missing User Warnings
Medium, 94% confidence

Finding: The skill instructs the agent to read plan_source.md from the workspace, parent directory, and the user's home directory without a privacy warning or consent step. Accessing local historical resources outside the immediate task scope can expose unrelated or sensitive information and violates least-privilege expectations.

Missing User Warnings
Medium, 91% confidence

Finding: The skill defines automatic cleanup of archived reports older than 90 days without clearly notifying the user that deletion may occur. Automatic deletion changes user data on disk and can remove audit history or records the user expected to keep, making it unsafe without explicit consent and controls.

Ssd 3
Medium, 95% confidence

Finding: The skill directs the agent to archive every user confirmation question and answer into task records. User replies often contain file paths, credentials, business context, or other sensitive details, so mandatory verbatim retention creates unnecessary persistent storage of potentially sensitive user-provided data.

Ssd 3
Medium, 97% confidence

Finding: The skill mandates generating and retaining task briefs for every task result, including tools used, statuses, timing, and historical aggregation. In a general-purpose agent context, this creates a broad activity log that can reveal sensitive workspace operations, user behavior, and operational metadata beyond what is necessary for planning.

VirusTotal

66/66 vendors flagged this skill as clean.