Task Specialist

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local task-management skill whose stored verification commands are printed for manual review rather than executed automatically.

Before installing, understand that this skill keeps a local .tasks.db in each workspace and can store task notes plus verification commands. Do not put secrets in the database, and manually inspect any printed verification command before running it. Use --symlink only if you want task and task-heartbeat added to ~/.local/bin.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The changelog presents contradictory security behavior: 2.1.0 says verification command execution was disconnected from auto-execution to prevent recursive RCE, while 2.0.0 states task completion will automatically execute a bash subshell command. In an agent-oriented task runner, this inconsistency is dangerous because users and downstream agents may assume manual-only execution while the feature may still permit stored command execution during workflow completion.

Missing User Warnings

Medium
Confidence: 90%
Finding
The changelog documents a feature where `--verify` stores a shell command that is automatically executed on task completion, but it provides no warning that this is arbitrary shell execution. In this skill's context—an autonomous, multi-agent task system—task metadata may be influenced by other agents or untrusted project content, so silent execution of stored shell commands can become a direct command-injection/RCE path.

VirusTotal

66/66 vendors flagged this skill as clean.
