Task Planner

Security checks across malware telemetry and agentic risk

Overview

This is a task-planning skill with local task storage, optional OpenAI audio transcription, and reminder helpers; the risky parts are mostly disclosed and fit the stated purpose.

Install only if you are comfortable storing task data in your home directory and using an OpenAI API key for voice transcription. Treat any audio passed to transcribe.py as uploaded to OpenAI, and check the exported calendar and reminder log paths because they may contain personal schedule details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, yet its documentation clearly instructs use of environment variables, local file writes, shell commands, and scheduled execution. This mismatch undermines trust boundaries and can cause the platform or user to approve a skill without understanding that it can access secrets, create files, and run commands.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest presents a task-planning skill, but the documentation adds WeChat voice-input transcription and reminder automation behavior that materially expands the data types processed and the operational scope. Scope drift like this is dangerous because reviewers and users may approve a simple planner while the skill also handles audio content and external-service interaction.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Introducing external AI transcription requires sending user audio or derived text to a third-party service, which is a materially different capability from local task planning. Without explicit justification and disclosure, this creates hidden data exfiltration and privacy risk, especially for potentially sensitive voice messages.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises automatic WeChat reminders and voice-to-text using an OpenAI API key, but gives no warning that task content, reminder content, or voice data may be transmitted to third-party services. This is a real privacy and security concern because users may unknowingly expose sensitive personal schedule data or audio to external platforms without informed consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Writing exported data to a fixed path can overwrite an existing file or create sensitive artifacts on disk without the user realizing it. In a task-planning context, the exported calendar may contain personal schedule details, so silent file creation introduces privacy and integrity risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to provide an API key and process voice input through an external AI service without warning that audio content may leave the local environment. This is dangerous because voice messages often contain personal or sensitive information, and users cannot make informed privacy decisions without disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads the provided audio file to OpenAI's Whisper API, which transmits potentially sensitive voice content to an external service. There is no explicit user-facing warning, consent prompt, or privacy notice at the point of use, so users may unknowingly send confidential data off-host.

VirusTotal

63/63 vendors flagged this skill as clean.
