ClawHub

Workflow Chain

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for QuickBooks workflow automation, but it should be reviewed because it can run broad financial-data pipelines, write local outputs, and initiate authentication recovery without clearly bounded user confirmation.

Install only if you trust the publisher with QuickBooks-connected financial workflows. Before running it, require the agent to confirm the exact client, period, scripts, auth action, and output directory, and avoid automatic reauthentication unless you explicitly approve it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to run an external credential-refresh command (`node integrations/qbo-client/bin/qbo connect <slug>`) when a token expires, which expands scope from workflow orchestration into authentication management. That creates a risky privilege boundary crossing: a workflow runner should not autonomously initiate auth flows or manipulate credentials, especially based on runtime errors, because it may trigger unintended account linking, reauthentication, or credential handling outside user awareness.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases include broad language such as 'run everything', 'full suite', and generic workflow wording, which increases the chance of accidental invocation for requests that are ambiguous or larger than the user intended. In a skill that launches multiple scripts and writes outputs to disk, unintended activation can cause unnecessary data processing, excessive side effects, and execution of workflows without sufficiently precise user consent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill provides concrete execution commands and output conventions but does not clearly warn that invoking it will execute multiple scripts, potentially in parallel, and persist artifacts such as spreadsheets, logs, and manifests to local disk. That omission undermines informed consent and makes accidental data exposure or unexpected filesystem side effects more likely, especially when handling client financial data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal