ClawHub

Team Status Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it enables confidential workplace monitoring of team response behavior and performance-adjacent notes without enough privacy, consent, retention, or access-control guidance.

Install only if your organization has approved this kind of employee or contractor monitoring, Slack data processing through Maton Gateway, and local Obsidian storage. Use least-privilege Slack credentials, avoid broad conversation-history collection, restrict the vault, set explicit retention and deletion rules, and avoid behavioral or performance judgments unless formally authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill's stated purpose is team status collection, but it explicitly permits sharing client budgets, payment milestones, and cash-flow details with team members when a flag is enabled. This broadens data disclosure beyond what is necessary for status tracking and can expose sensitive commercial information to recipients who may not have a need to know.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented examples instruct the agent to disclose client financial details and payment status even though these are not required to gather project updates. That creates unnecessary sensitive-data exposure and increases the risk of violating confidentiality obligations, contractual restrictions, or internal information segregation policies.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes confidential behavioral pattern analysis, response monitoring, and internal tracking of non-responders without any clear notice, consent, or privacy safeguards for affected team members. This creates a real privacy and workplace-surveillance risk because the skill operationalizes collection of potentially sensitive behavioral metadata while emphasizing secrecy rather than transparency.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs creation of confidential Obsidian files containing response times, quality assessments, behavioral notes, and non-responder tracking without any warning about privacy, consent, retention, or employment-data sensitivity. Storing employee behavioral and performance-adjacent data in personal notes can create compliance, insider-risk, and misuse concerns if access controls and governance are absent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The Slack API examples show listing users, sending DMs, and retrieving conversation history, but the skill does not warn about the sensitivity of accessing employee communications or define limits on what may be collected. In this context, conversation-history retrieval can enable overcollection of private team communications beyond what is needed for status tracking.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This template explicitly instructs the creation of founder-only files containing individualized response times, behavioral notes, non-responder lists, and performance-adjacent observations about team members. Although it labels the data as confidential, it lacks safeguards around consent, retention, minimization, access control, or legal/privacy handling, which makes it a genuine sensitive-data handling risk rather than a harmless documentation pattern.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal