ClawHub

Nerve Kanban

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for controlling a Kanban API, with disclosed state-changing actions but no evidence of hidden or malicious behavior.

Install this only if you want an agent to manage a Nerve Kanban board. Require explicit approval before deletes, config changes, task execution, completion, approve/reject/abort actions, and ensure the Nerve server enforces authentication and run ownership checks, especially for the completion webhook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents multiple state-changing and destructive operations such as delete, execute, approve, reject, abort, and configuration updates, but it provides no safety guidance about requiring explicit user confirmation or warning about irreversible workflow changes. In an agent setting, this increases the risk that the model will perform impactful actions on the Kanban board automatically or with insufficient user awareness, especially because the skill is explicitly designed for CRUD and workflow control over live tasks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API reference describes `/api/kanban/tasks/:id/complete` as callable externally and even notes it can be called outside the trusted background poller, but it provides no warning that this endpoint must be authenticated and bound to the specific spawned run. An attacker who can reach this endpoint could forge completion or error events, inject arbitrary `result` content, and force task state transitions from `in-progress` to `review` or back to `todo`.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal