ClawHub

task-manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local task tracker that writes assistant task records to a TASKS.md file, with no evidence of networking, credential access, deception, or destructive behavior.

Install this only if you want automatic local task logging. Avoid placing secrets in task descriptions, review TASKS.md periodically, customize the storage path if needed, and run the helper script only against the intended task-log file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The release text claims the skill 'automatically takes effect after installation' and records 'any new task' without defining scope, triggers, exclusions, or requiring explicit user confirmation. This kind of broad autonomous behavior can cause unintended data capture and persistence, especially if ordinary conversation items or sensitive requests are interpreted as tasks and written to workspace files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description says all new tasks are automatically written to TASKS.md but does not clearly warn users that the skill will modify workspace files on their behalf. Undisclosed automatic file writes can alter project state, leak sensitive task details into persistent storage, and surprise users who did not intend to create or modify tracked records.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation description is broad enough that ordinary conversation about tasks could trigger the skill unintentionally. In context, that matters because the skill is designed to automatically create or modify a workspace file, so accidental activation can cause unexpected writes, task leakage into logs, or persistence of user content without clear consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill specifies a default file path and says the task log is stored in the workspace root, but it does not warn users that invoking the skill will write persistent data. This is risky because task descriptions may contain sensitive information, and automatic file creation/modification can alter user data or create privacy issues without informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow mandates automatic file creation and updates for every new task and status change, including within a time window, without any user-facing caution or consent step. In this skill's context, mandatory persistence increases the chance of unauthorized or surprising writes, accumulation of sensitive operational history, and unintended modification of workspace state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal