ClawHub

Temp Heartbeat - 临时心跳

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed temporary scheduler, but it stores free-form task text and tells the agent to execute it later without clear safety limits or fresh confirmation.

Review this before installing if your agent can take real actions on files, accounts, APIs, or external services. Use it only for reminders or low-impact read-only checks, avoid putting secrets or sensitive personal details in scheduled tasks, and require fresh confirmation in your environment before any destructive, public, financial, or account-changing scheduled action runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase "定时任务" is generic and likely to appear in ordinary conversations about scheduling or reminders, so the skill may activate unintentionally when a user is not explicitly invoking it. In an agent environment, overly broad triggers can cause misrouting, unexpected task creation, or execution of skill logic without clear user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly states that stored task content will be 'executed' later, but it does not warn users that arbitrary task text may be automatically run after persistence. In an agent context, deferred execution of user-provided content can become prompt injection or unauthorized action execution, especially because the task file is later read and passed into executeTask(file, content) without any described validation, permission boundary, or confirmation at execution time.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger set includes a broad generic phrase, "定时任务", which can overlap with common scheduling or task-management requests unrelated to this specific skill. In keyword-triggered systems, overly broad activation increases the chance of unintended invocation, causing the skill to intercept user requests it was not meant to handle and potentially perform actions in the wrong context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal