Kanban Workflow Export

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Kanban/project-management automation skill, with meaningful but disclosed ability to read and update work items through your authenticated CLI accounts.

Install only in workspaces where you are comfortable letting the skill act with your existing PM CLI/API permissions. Use least-privilege tokens or scoped CLI sessions, review config/kanban-workflow.json before committing it, and enable cron or automatic progress updates only when periodic external comments and stage changes are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Low
Confidence: 84%
Finding
The setup flow states that it writes config/kanban-workflow.json, but the warning is easy to miss and does not clearly frame this as a filesystem side effect before execution. Undisclosed local writes reduce informed consent and can surprise users, especially in automation contexts where working-directory file changes may affect other tools or leak configuration into repos.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises automatic progress-update comments every 5 minutes for in-progress tasks but does not provide a prominent warning that this causes outbound writes to external PM systems. In agentic environments, automatic posting can disclose internal status, generate noisy or unintended communications, and act through the user's authenticated CLI context without sufficiently explicit consent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The requirements explicitly mandate automatic progress-update comments every 5 minutes while a task is in progress, which creates recurring external writes without a per-action user confirmation or even a warning that autonomous posting will continue in the background. In an agent skill, this can leak sensitive work details, spam external systems, and cause unintended side effects long after the initiating command.

Missing User Warnings

Medium
Confidence: 95%
Finding
The requirements for `show` and `next` explicitly include private/internal comments where supported, but provide no privacy guardrails, minimization, or warning before surfacing that data to the agent or user. This can expose sensitive internal discussions, credentials, incident details, or HR/legal content beyond the minimum needed for task execution.

Missing User Warnings

Medium
Confidence: 79%
Finding
This function automatically posts comments to external work items without any built-in confirmation, disclosure, or explicit opt-in mechanism. In an agentic workflow skill that integrates with PM systems, that creates a real risk of unintended external side effects, noisy spam, or disclosure of incorrect/generated status text to collaborators, especially when `getMessage` is agent-supplied.

VirusTotal

66/66 vendors flagged this skill as clean.
