Cli Deadline Monitor

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Greek compliance deadline monitor, but its documented scope, data use, network integrations, and optional credentials are broader than the headline setup makes clear.

Review this before installing if you only want a narrow tax-deadline helper. Enable Slack, SMS, SMTP, or calendar integrations only if you are comfortable sending compliance reminders through those providers, and avoid feeding broad business address, VAT, property, or permit data unless those local-compliance features are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

High
Confidence
95% confidence
Finding
Claiming that no external credentials are required while declaring multiple optional secrets for Slack, SMS, SMTP, and calendar integrations understates the trust and security posture required to operate the skill. Even if optional, these integrations expand the attack surface and create risk of secret misuse, unauthorized outbound messaging, or data leakage if users are not clearly informed.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Claiming that no external credentials are required while declaring multiple optional secrets for Slack, SMS, SMTP, and calendar integrations understates the trust and security posture required to operate the skill. Even if optional, these integrations expand the attack surface and create risk of secret misuse, unauthorized outbound messaging, or data leakage if users are not clearly informed.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest describes a narrow AADE/EFKA tax-deadline monitor, but the body expands into municipal taxes, business licenses, construction permits, municipality-specific fees, and broader compliance workflows. This scope expansion can bypass user expectations and approval boundaries, leading to collection or processing of additional business data and more extensive network interactions than the declared purpose suggests.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
Municipality detection from business address, property location, and VAT registration introduces collection and inference of organization-specific location and registration data beyond a simple deadline monitor. In context, this is more sensitive because it links operational identifiers to compliance workflows and could enable unnecessary profiling or broader data processing without clear justification.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description and setup materially understate external network use despite extensive documentation of API calls, website scraping, webhooks, email, SMS, and calendar synchronization. This weakens informed consent and security review because deployers may treat the skill as local-only while it is designed to communicate with multiple external systems.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
export OPENCLAW_DATA_DIR="/data"

# 2. Ensure jq is installed
which jq || sudo apt install jq

# 3. Ensure client data exists
ls $OPENCLAW_DATA_DIR/clients/*/compliance/obligations.json
Confidence
93% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.