Kaiten

Security checks across malware telemetry and agentic risk

Overview

This Kaiten skill is a real project-management integration, but it needs review because it can use your token to change or delete live board data without documented confirmation safeguards.

Install only if you want an agent to operate Kaiten with your account's permissions. Use a limited Kaiten token where possible, keep the secrets file private, verify the saved default board/state before acting, and require the agent to summarize and get explicit confirmation before deletes, moves, member removals, tag removals, or broad updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The README states the skill is automatically triggered when users mention broad, common terms like 'tasks', 'boards', or 'cards'. This can cause unintended activation in unrelated conversations, increasing the chance the agent performs Kaiten API actions in the wrong context, especially because the skill also exposes write operations and remembers prior state.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The feature list prominently includes destructive and modifying operations like create, update, move, and delete cards, but does not warn users that these actions change live project data. In an agent skill context, lack of clear safety messaging raises the risk of accidental destructive operations, particularly when combined with broad triggering and persisted default/last-used state.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly enables destructive and state-changing actions such as delete, move, patch, and create operations, but provides no requirement for user confirmation, dry-run behavior, or warning before executing them. In an agentic setting, ambiguous prompts or misunderstood context could cause unintended changes to project data, especially because the skill is framed as a general-purpose action handler for many PM tasks.

VirusTotal

66/66 vendors flagged this skill as clean.