Agile Observer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Trello/Jira agile reporting skill, but users should deliberately authorize any credential use and recurring reports.

Install only if you want an agent to use Trello or Jira credentials to read board/project data and generate metrics. Use least-privilege tokens, confirm the exact board or project before running, avoid broad report channels, and enable the weekly cron only when you intentionally want recurring automated summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill expands beyond passive agile analysis into operational automation by instructing the creation of a cron job. That introduces persistence and autonomous execution, which can cause repeated access to project data or repeated message delivery without an explicit user authorization step each time.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The reference explicitly instructs the skill to obtain Jira credentials from workspace secrets, which expands the skill from analytics into secret discovery and use. Even without direct exfiltration instructions, this creates a path for unauthorized credential access and downstream API actions under a user's or workspace's Jira privileges.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow directs the agent to look for credential files in workspace secrets and fetch board/project data without a clear user-facing warning or explicit consent boundary. That increases the chance of silent secret use and unintended access to potentially sensitive operational data such as issue history, blockers, team activity, and board contents.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The document tells the skill to use workspace-stored Jira credentials without any requirement for explicit user authorization, access scoping, or confirmation that the skill is permitted to read secrets. In a skill whose stated purpose is agile metrics reporting, that omission is dangerous because it normalizes secret access as an implicit step rather than a controlled administrative action.

VirusTotal

66/66 vendors flagged this skill as clean.
