Do Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is for a real todo and habit CLI, but it understates its ability to change personal task and habit data while presenting itself as safe for autonomous agents.

Install only if you intend an agent to operate this specific do account. Use a narrowly scoped API key, prefer environment variables over saved config for agent runs, and require explicit user intent before commands that capture tasks, mark tasks done, snooze tasks, or log habits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The skill asserts there are 'no destructive verbs' and 'no create/update/delete,' but the documented interface includes clear state-changing operations such as capture, task done, task snooze, and habit log. This can mislead an autonomous agent or operator into granting the tool broader trust than warranted, increasing the chance of unintended writes to a user's task and habit data.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The manifest-level description claims the tool is safe for autonomous use because it lacks destructive verbs, yet the same skill advertises write-capable commands. This mismatch is dangerous because metadata is often what routing systems and agents use first, so the misleading trust signal may cause the tool to be invoked automatically in contexts where state changes were not intended.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The trigger guidance includes broad phrases like wanting to 'manage their todos' or 'capture or review tasks and habits,' which are common in ordinary conversation and can cause over-broad automatic invocation. In a tool that can mutate user data, ambiguous routing increases the risk of unintended task creation, completion, snoozing, or habit logging.

VirusTotal

62/62 vendors flagged this skill as clean.