task-cost-estimator

Security checks across malware telemetry and agentic risk

Overview

This is a local AI model cost-estimator with minor privacy notes about an aggregate history file, but no evidence of exfiltration or harmful behavior.

Reasonable to install if you are comfortable with local aggregate usage history being kept in ~/.hermes/task-cost-history.json. On shared machines, use --reset-bonus to clear it when needed, and prefer installing from a pinned commit or reviewed release rather than an unpinned GitHub branch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The CLI persists per-user usage statistics in ~/.hermes/task-cost-history.json even though the skill is presented primarily as a pre-task cost estimator. While it does not store full task text, undisclosed persistent storage creates a privacy and data-minimization issue because usage metadata is retained across sessions without explicit opt-in or clear notice.

Description-Behavior Mismatch

Low
Confidence: 95%
Finding
The tool writes persistent usage history to ~/.hermes/task-cost-history.json even though its stated function is model selection and cost estimation. Undisclosed persistence is risky because task descriptions may contain sensitive prompts, project names, code fragments, or business context that remain on disk and can later be read by other local users, backup systems, or malware.

Missing User Warnings

Medium
Confidence: 85%
Finding
Aggregate usage data is written to a persistent file without user-facing disclosure in normal operation. In a CLI that may be used on shared systems or with sensitive workflows, silent persistence can expose behavioral metadata such as how often the tool is used and approximate spending patterns.

Missing User Warnings

Medium
Confidence: 98%
Finding
The code passes the full user task string into save_lifetime(best, expensive, task), and the persistence behavior is undisclosed. Task descriptions often contain sensitive business requests, debugging details, credentials pasted by mistake, or proprietary code context; persisting them locally without warning increases confidentiality risk and creates unnecessary data retention.

VirusTotal

54/54 vendors flagged this skill as clean.
