Kanban Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Kanban/project-management helper that uses the user's existing PM CLIs to read and update work items, with no evidence of hidden or destructive behavior.

Install only where the relevant PM CLIs are authenticated for the repos or projects you intend this skill to manage. Expect explicit verbs and enabled automation helpers to post comments, create tasks, assign tasks, and move workflow stages; be careful before enabling recurring progress updates on sensitive or noisy projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The requirement mandates automatic external writes every 5 minutes while a task is in progress, but does not require explicit user consent, visibility, or a way to disable the behavior. In an agent skill, repeated autonomous posting can leak sensitive work context, create audit/compliance issues, and spam external systems without the operator realizing ongoing side effects are occurring.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill requires show/next to display private or internal comments where supported, but does not require any warning, scoping, or least-privilege handling for potentially sensitive content. This increases the chance that confidential HR, security, customer, or internal-only notes are exposed to downstream agents, logs, terminals, or users who were not expecting privileged material to be surfaced.

Missing User Warnings

Medium
Confidence: 92%
Finding
The show() verb explicitly requests comments with includeInternal: true and then returns them as part of the payload without any access-control check, masking, or user-facing indication that privileged/internal discussion is included. In a PM-integrated agent skill, this can expose sensitive internal notes, triage details, security discussions, or private operational context to users or downstream agents that should only see external/public comments.

VirusTotal

66/66 vendors flagged this skill as clean.
