Hive Task Router

Security checks across malware telemetry and agentic risk

Overview

This is a coherent task-routing skill, but it needs review because it can automatically delegate prompts to subagents or external providers and its shell script executes a writable cache file as shell code.

Review before installing. Use it only if you are comfortable with automatic task delegation to configured model providers and subagents. Patch router.sh to parse the cache safely instead of sourcing it, keep the cache directory private, and require confirmation before routing sensitive, costly, or parallel work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The manual trigger phrases include generic language such as "analyze this task" and "which model should I use for this task," which can overlap with ordinary user conversation about planning or model choice. In an agentic environment, this can cause unintended activation of the router and downstream subagent execution, increasing the chance that user content is sent to external providers or executed in a different runtime without clear intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill strongly encourages automatic routing of tasks to provider-specific models and subagents, but it does not clearly warn users that task contents may be transmitted to external model providers or separate execution contexts. This creates a privacy and data-handling risk, especially for research, code, or document tasks that may contain sensitive business, personal, or proprietary information.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The routing logic is driven by broad keyword lists and a fixed priority order, which can misclassify ordinary user requests and send them to a higher-privilege or externally connected execution path than intended. In this skill, misrouting is security-relevant because task type determines model choice, session isolation behavior, and whether subagents may be spawned, increasing the chance of unintended data exposure or unsafe automation.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documented parallel subagent pattern forwards arbitrary task text to external model providers and encourages concurrent fan-out without an in-context disclosure or consent step. This is dangerous because users may submit sensitive prompts that are duplicated across multiple provider calls, multiplying data exposure, cost, and loss of control over where task content is processed.

VirusTotal

65/65 vendors flagged this skill as clean.