Task Status

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its status-update purpose, but it can send updates through Telegram to a hard-coded default recipient using local Clawdbot credentials that are not clearly declared.

Before installing, set TELEGRAM_TARGET to your own intended chat or remove the Telegram send path, avoid secrets in status text or details, review the hard-coded paths and logging helper, and make sure any monitor or cron job is stopped when the task is done.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

If run in a configured Clawdbot environment, task status text could be sent from the user's account to an unintended hard-coded Telegram chat.

Why it was flagged

The helper can use the user's local Clawdbot/Telegram sending authority and falls back to a fixed numeric Telegram recipient when TELEGRAM_TARGET is not set, despite the metadata declaring no required env vars or primary credential.

Skill content
gateway_token = os.environ.get("CLAWDBOT_GATEWAY_TOKEN") ... target = os.environ.get("TELEGRAM_TARGET", "7590912486") ... "channel": "telegram"
Recommendation

Remove the hard-coded default recipient, require an explicit user-configured target, and declare the gateway token and Telegram target in the skill metadata.

ASI10: Rogue Agents
Low
What this means

A forgotten monitor or cron job could keep sending status updates and clutter or leak activity details to the configured chat.

Why it was flagged

The skill documents user-directed scheduled/recurring status updates, which are aligned with its purpose but can continue producing messages if left enabled.

Skill content
"interval": "5s", "enabled": True ... This allows status updates even when you're not actively watching.
Recommendation

Use periodic monitoring only when needed, stop monitors promptly, and verify or remove any cron job after the task finishes.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive filenames, task descriptions, or error details included in status messages could remain in local logs.

Why it was flagged

The logging helper persists outgoing status messages to a local JSONL file, which can retain task names, details, or error text.

Skill content
LOG_FILE = LOG_DIR / "telegram_messages.jsonl" ... log_message(formatted, direction="out", task_name=step_name, status_type=status_type)
Recommendation

Avoid putting secrets in status messages and review, relocate, or disable the logging helper if local retention is not desired.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may have to install or rely on an undeclared Python package before the skill works.

Why it was flagged

The script depends on a WebSocket Python package, but the install metadata lists no required binaries, dependencies, or install spec, leaving runtime dependency provenance unclear.

Skill content
import websocket
Recommendation

Declare the exact Python dependency and version, or document that the environment must already provide it.