ClawHub
Back to skill

Security audit

Elephantastic

Security checks across malware telemetry and agentic risk

Overview

This package presents itself as a deprecated rename notice, but it still bundles active scripts that can read activity data and change or delete local Taskwarrior tasks.

Use Review caution. If you only want the renamed skill, install elephantastic directly. If you install or invoke this package anyway, assume it can read and mutate your local Taskwarrior data, inspect Timewarrior or heartbeat activity, and participate in scheduled monitoring if you configure cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata says the package is deprecated and only renamed, but the bundled README defines and promotes a substantial autonomous task-management system with installation and operational guidance. This mismatch can mislead reviewers, policy gates, or users into underestimating the capability and behavior of the skill, increasing the chance that risky automation is installed or trusted without appropriate scrutiny.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The package metadata says the skill is deprecated and instructs users to install a different package, but the code still contains active functionality that can list, modify, complete, and delete tasks. That mismatch is dangerous because operators may assume the package is inert or informational only, lowering scrutiny while the code still performs real state-changing actions on the user's Taskwarrior database.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The global Taskwarrior overrides include rc.confirmation=no, which suppresses confirmation prompts for operations such as done and delete. In an agent skill context, this increases the chance of accidental or automated destructive changes to a user's task database without an additional human verification step, especially because delete is exposed directly from command-line arguments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal