Nex Timetrack

Security checks across malware telemetry and agentic risk

Overview

Nex Timetrack appears to be a genuine local time tracker, but it warrants review: its export option writes to a user-supplied path, so it can write outside its own folder and overwrite files the current user can reach.

Review before installing. Use the default export location, avoid custom --output paths unless you are certain where they resolve, and assume exported files can contain client names, emails, rates, hours, and notes. Back up the local database before deleting entries or relying on it for billing records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
Several triggers are broad natural-language phrases such as 'track time', 'log hours', 'timesheet', and 'project hours', which can plausibly appear in ordinary conversation. That raises the chance of accidental invocation, causing timers to start, entries to be logged, or summaries to be generated without the user intending to invoke this skill.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The documentation exposes destructive and data-exfiltrating functions like 'delete' and 'export' without warning about irreversible deletion, local file output, or the sensitivity of billing/client data. In a conversational agent context, users may trigger these actions casually, leading to data loss or unintended disclosure of client names, rates, hours, and notes.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding
The export command builds the output path directly from user-controlled input (`args.output`) and writes to it without canonicalising or constraining the path and without warning the user. In a local CLI tool this is usually not remotely exploitable, since the person typing the command already controls those files, but it can still overwrite any file the current user can write to via an absolute path or a path traversal sequence such as `../`. The risk grows when another program, an automation job, or a conversational agent invokes the tool with parameters derived from untrusted input.
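The following is an added illustration, not the skill's own code, of the pattern the finding describes and one way to harden it. `unsafe_export_path` shows the trusting pattern; `safe_export_path` canonicalises the candidate and rejects anything that resolves outside an export directory, and `write_export` refuses to overwrite an existing file. The function names, the export-directory layout and the sample CSV are assumptions made for the example.

```python
"""Confined export-path handling (added example; not part of Nex Timetrack)."""
import os
import tempfile
from pathlib import Path


def unsafe_export_path(output: str) -> Path:
    """The pattern the finding describes: trust args.output as-is."""
    return Path(output)


def is_confined(candidate: Path, root: Path) -> bool:
    """True if candidate is strictly inside root (both already resolved)."""
    try:
        candidate.relative_to(root)
    except ValueError:
        return False
    return candidate != root


def safe_export_path(output: str, export_dir: Path) -> Path:
    """Return a path inside export_dir, or raise ValueError.

    resolve() follows symlinks and collapses '..', so an absolute path
    (which pathlib's '/' operator would let replace the root) or a
    traversal sequence ends up outside export_dir and is rejected.
    """
    export_root = export_dir.resolve()
    candidate = (export_root / output).resolve()
    if not is_confined(candidate, export_root):
        raise ValueError(f"export path escapes {export_root}: {output!r}")
    return candidate


def write_export(output: str, export_dir: Path, data: str) -> Path:
    """Write data to a confined path, refusing to clobber existing files."""
    target = safe_export_path(output, export_dir)
    target.parent.mkdir(parents=True, exist_ok=True)
    # O_CREAT | O_EXCL makes create-and-open atomic: an existing file raises
    # FileExistsError instead of being silently overwritten.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return target


def self_check() -> dict:
    """Exercise the functions in a scratch directory; returns outcomes by label."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        export_dir = Path(tmp) / "exports"
        export_dir.mkdir()
        # Constructed sample export, standing in for a timesheet CSV.
        sample = "client,hours,rate\nAcme Corp,12.5,150\n"
        written = write_export("march.csv", export_dir, sample)
        results["inside_ok"] = written.read_text() == sample
        try:
            write_export("march.csv", export_dir, "overwritten")
            results["no_clobber"] = False
        except FileExistsError:
            results["no_clobber"] = written.read_text() == sample
        for bad in ("../victim.txt", "/etc/passwd", "sub/../../escape.csv"):
            try:
                safe_export_path(bad, export_dir)
                results[bad] = False  # should have been rejected
            except ValueError:
                results[bad] = True
        results["unsafe_follows_input"] = (
            unsafe_export_path("../victim.txt") == Path("../victim.txt")
        )
    return results


if __name__ == "__main__":
    for label, ok in self_check().items():
        print(f"{label}: {'ok' if ok else 'FAIL'}")
```

The check happens after `resolve()` on both sides so that a symlinked export directory and a symlink planted inside it are compared on the same canonical form; checking the raw string for `..` would miss both the absolute-path case and symlink tricks. The `O_EXCL` open closes the overwrite issue independently of the path check, which matters when an agent re-runs an export with a filename it has already used.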

VirusTotal

67/67 vendors flagged this skill as clean.
