ClawHub

Task Detection + Proactive Thinking

Security checks across malware telemetry and agentic risk

Overview

This task-monitoring skill is relevant to its stated purpose, but it asks for automatic task changes, scheduled execution, persistent logs, and Feishu alerts without clear approval or data-sharing controls.

Install only in workspaces where the agent is allowed to read task boards and create persistent memory logs. Keep auto-fix, deadline/schedule changes, command retries, daily summaries, and Feishu alerts disabled unless you explicitly approve each action and understand what project data may be stored or sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic resolution without warning that the skill may modify task files or task state on the user's behalf. In an agent context, that can lead to unauthorized or surprising changes, especially if the detection logic misclassifies tasks or operates on shared project state.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README says critical notifications are pushed via Feishu but does not disclose that task information may be transmitted to an external service. This creates privacy and data-handling risk because task names, statuses, blockers, or other sensitive project details could be sent off-platform without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow description normalizes auto-fix and Feishu alerting as default behavior without warning that these steps can alter local task records or disclose project data externally. Because this is an automation skill for OpenClaw agents, users may reasonably rely on the README for safety expectations, making the omission more dangerous in practice.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will attempt auto-fixes and write results to task-related files, but it does not require explicit user confirmation before modifying project records. In a task-management context, silent edits can corrupt status tracking, overwrite human intent, or create misleading audit history, especially when anomaly detection may be heuristic and wrong.

Missing User Warnings

High
Confidence
98% confidence
Finding
The auto-adjust behavior includes changing deadlines, downstream schedules, and priorities without clear authorization boundaries. This is more dangerous than simple note-taking because it can directly alter project planning, mask delivery risk, and trigger cascading decisions based on machine-generated assumptions rather than validated human judgment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends critical alerts to Feishu but provides no privacy notice, consent flow, or data-minimization guidance for external transmission. Task boards and thinking logs may contain internal project details, blockers, ownership, deadlines, or operational metadata that should not be sent to third-party services automatically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description explicitly promises to 'attempt auto-fixes,' which signals autonomous modification of task and memory files without a clear upfront warning about what will be changed, when, and under what safeguards. In an agent skill, silent file mutation can cause integrity issues, unexpected state changes, or destructive edits if anomaly detection is wrong or manipulated by crafted task content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill specifies Feishu pushes for critical alerts but does not warn that task names, deadlines, blockers, or other operational data may be sent to an external service. This creates a privacy and data-governance risk, especially if task boards contain sensitive project details, internal identifiers, or customer information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly states it will automatically attempt fixes such as supplementing missing information, retrying commands/interfaces, updating task states, and writing outputs to memory files, but it does not warn users that these actions can modify local project data without explicit confirmation. In a task-management skill with auto-fix enabled by default, undocumented write behavior increases the risk of unintended file changes, state corruption, or destructive workflow side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation says critical alerts are pushed to Feishu but does not disclose what task data may be transmitted externally or warn about privacy and data-handling implications. Because this skill analyzes task status, blockers, deadlines, and memory context, outbound notifications could expose sensitive operational or project information to third-party systems without informed user consent.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The package metadata describes the skill as automatically scanning task status, identifying anomalies, generating solutions, and attempting auto-fixes without defining clear boundaries, triggers, or approval requirements. In an agent ecosystem, this kind of broad auto-invocation language can cause overreach into unrelated tasks or trigger autonomous state-changing behavior, increasing the risk of unintended actions and privilege misuse.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
---

## Detection Rules (Auto-execute)

### 1. Scan HEARTBEAT.md
Confidence
90% confidence
Finding
Auto-execute

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal