ClawHub

bun-do

Security checks across malware telemetry and agentic risk

Overview

This looks like a local task-management skill, but it gives the agent under-scoped authority to mutate and delete task data and includes an unsafe command pattern that could be misused if user text is substituted directly.

Install only if you trust the local Bun Do API and are comfortable with the agent changing task data. Before using it, require explicit confirmation for deletes, completion changes, and project/log creation, and avoid pasting user-provided search text into the documented shell/Python command without proper quoting or a safer JSON-processing method.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill advertises very broad triggers such as "task," "remind me," "deadline," "bill," and "add to my list," which are common phrases that can appear in unrelated conversations. This increases the chance of unintended invocation and accidental task/project mutations, especially because the skill also supports destructive and state-changing operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API reference documents DELETE operations for tasks, subtasks, projects, and log entries without any warning or confirmation expectation. In an agent setting, this can normalize immediate destructive actions and lead to irreversible local data loss from ambiguous user requests or mis-resolution of IDs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proactive guidance explicitly tells the agent to autonomously mark tasks done and add project entries at end of day. That authorizes state changes without fresh user consent, creating a risk of incorrect completions, false records, and integrity issues in the user's task/project history.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal