Repo Kanban PM

Security checks across malware telemetry and agentic risk

Overview

This skill sets up a disclosed repo PM workflow and optional daily review cron, with no evidence of hidden exfiltration or destructive behavior.

Install only in repos where you want this PM workflow. Run the init script from a clean branch or clean git state so you can review generated docs and AGENTS.md changes. Enable the daily cron only if you intentionally want recurring automated PM review that may use local gh credentials and run repo checks such as npx tsc.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low
Confidence: 91%
Finding
The skill explicitly tells the user to run a repository-initialization script that creates files and patches AGENTS.md, but it does not clearly warn that this will modify project state. That can lead to unintended changes being applied to the wrong repository or without review, which is a real safety issue even though the described behavior appears aligned with the skill's stated purpose.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs users to run a script that adds a daily PM cron job, but it does not clearly disclose that this installs a recurring scheduled task on the host system. Silent or insufficiently explained persistence is more dangerous than ordinary repo edits because it affects the user's environment beyond the repository and may continue executing over time.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script creates a persistent scheduled task immediately via `openclaw cron add` without any confirmation prompt, dry-run mode, or explicit warning that it is modifying long-lived automation state. In a repo-setup skill, this is operationally risky because a user may run it expecting local configuration only, but instead install recurring background behavior that continues acting on the repository.

VirusTotal

64/64 vendors flagged this skill as clean.
