ClawHub

Wekan

Security checks across malware telemetry and agentic risk

Overview

This skill coherently manages Wekan boards with a Wekan token and external CLI, with disclosed live-board mutation risks but no evidence of hidden or malicious behavior.

Install only if you trust the upstream wekan-cli GitHub dependency. Use a dedicated least-privilege Wekan account, avoid admin tokens for normal board work, protect WEKAN_TOKEN as a bearer secret, and require explicit confirmation before archive, restore, delete, or user-listing operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill description includes broad activation guidance such as using it for 'anything Trello-like,' which can cause the agent to invoke this skill in ambiguous task-management contexts. Because the skill can create, move, and archive data on a live Wekan server using configured credentials, over-triggering increases the chance of unintended state-changing actions against user boards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation advertises archive operations as normal commands but does not warn that they change persistent board state and may hide or effectively remove tasks from active workflows. In an agent context, this omission makes destructive or semi-destructive actions more likely to be executed without explicit user awareness or confirmation.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The documentation instructs users to rely on `WEKAN_TOKEN` being present in the environment but provides no guidance on protecting that credential from shell history, process inspection, logs, or accidental inheritance by child processes. In an agent/CLI skill context, environment variables are commonly surfaced to subprocesses and debugging output, so omission of handling guidance creates a real but low-severity secret exposure risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The login example explicitly says the command prints the authentication token and user ID, but it does not warn that this exposes a bearer credential to the terminal, shell recording tools, CI logs, shared sessions, or copied transcripts. In an agent skill, command output may be captured automatically, making credential disclosure materially more dangerous than in ordinary interactive use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal