ClawHub

Task Supervisor

Security checks across malware telemetry and agentic risk

Overview

This long-task tracker is mostly coherent, but it automatically creates persistent task files and recurring reporters that can send task details to an external chat service without clear opt-in or privacy limits.

Install only if you want agents to create `.tasks/` files and schedule recurring progress reporters. Confirm which chat service and recipient will receive updates, avoid putting secrets or private details in task logs, and verify that reporter crons are removed when work is paused, completed, or abandoned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to create `.tasks/<TASK-SLUG>.md` files automatically without first notifying the user that it will write persistent state into the workspace. This can unexpectedly modify repositories or working directories, leak task details into synced storage, and create artifacts that may later be committed or accessed by other processes.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill directs the agent to spawn a background cron reporter immediately at task start, without clear user approval for ongoing background execution or autonomous outbound notifications. This creates a persistence mechanism that can continue operating beyond the immediate interaction and may transmit status or sensitive task information without the user's informed consent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The cron message explicitly tells the system to read the task file and send progress updates to Feishu, which may include task contents, blockers, and other potentially sensitive user or system data. Without a privacy warning, redaction rules, or user consent, this creates a clear risk of unintended data exfiltration to an external messaging service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal