ClawHub

Desktime

Security checks across malware telemetry and agentic risk

Overview

This DeskTime skill is a coherent integration, but it gives an agent broad authenticated access to sensitive workplace data without enough limits or confirmation guidance.

Install only if you trust Membrane and intend to grant authenticated DeskTime access. Prefer built-in Membrane actions, avoid full-URL proxy requests, and require explicit user approval before creating, changing, deleting, or disclosing users, attendance, productivity, absences, reports, projects, or tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly allows passing a full URL to the proxy request command, which expands the skill from a DeskTime integration into a general-purpose outbound HTTP client. In an agent context, this can enable SSRF-like behavior, exfiltration to arbitrary hosts, or interaction with unintended third-party/internal services far beyond the stated DeskTime scope.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
DeskTime handles sensitive employee monitoring, attendance, and productivity data, yet the documentation does not warn about privacy sensitivity, access control, or the need for explicit authorization before accessing or modifying such data. In an agent setting, omission of these guardrails can normalize over-collection or disclosure of employee data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The proxy section describes arbitrary HTTP methods, headers, body data, and full-URL capability without any warning about destructive operations or off-scope network access. This increases the risk that an agent will perform unsafe POST/PUT/PATCH/DELETE requests or make arbitrary outbound calls without adequate user confirmation or domain restriction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal