Live Task Pulse

Security checks across malware telemetry and agentic risk

Overview

This is a mostly transparent progress-tracking skill, but its local CLI can be misused to read or modify JSON files outside its intended task folder.

Review before installing. Use it only if you want automatic progress tracking and chat notifications, and avoid putting secrets, private URLs, customer data, credentials, or sensitive error text in task names or results. Before using it in a shared or sensitive workspace, patch task ID validation so reads and writes cannot leave the task directory, or restrict use to task IDs generated by the create command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill describes and instructs use of filesystem persistence and a Python CLI, implying file read/write and likely environment access, but it declares no permissions. Undeclared capabilities undermine least-privilege controls and prevent users or the platform from understanding what resources the skill may touch, which is especially risky because it stores task state on disk and encourages automatic activation.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding: The skill claims mandatory live push notifications, automatic activation, status-query triggers, and auto-cleanup, but the file only contains procedural instructions and examples rather than implemented safeguards or integration logic. This mismatch can cause operators to assume monitoring, notifications, and cleanup are happening when they are not, leading to silent failures, stale data retention, and misleading trust in the skill's behavior.

Vague Triggers

High
Confidence: 84%
Finding: Trigger phrases like 'what's running', 'task status', and '任务进度' are common conversational language and may collide with ordinary user queries unrelated to this skill. Because the skill is designed to auto-send messages and reveal stored task state, false triggering can leak information about ongoing tasks or create confusing unsolicited updates.

Vague Triggers

Medium
Confidence: 84%
Finding: Trigger phrases like 'what's running', 'task status', and '任务进度' are common conversational language and may collide with ordinary user queries unrelated to this skill. Because the skill is designed to auto-send messages and reveal stored task state, false triggering can leak information about ongoing tasks or create confusing unsolicited updates.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill prominently advertises automatic live push notifications and JSON persistence but does not present a clear user warning or consent mechanism about storing task data on disk and sending updates automatically. In a progress-tracking skill, stored step names, status text, URLs, and error messages can easily contain sensitive operational or personal data, so hidden persistence and push behavior materially increases privacy and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.
