auto-complex-task-planner

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it automatically delegates broad tasks to sub-agents and stores raw task details without enough user control or privacy disclosure.

Install only if you are comfortable with automatic sub-agent delegation and local task-history logging. Avoid using it for credentials, sensitive business data, account operations, or broad delete/batch actions unless you add confirmation and review steps, monitor created sub-agents, and periodically clear the workspace memory records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The README states users can 'just use naturally' and that the skill will 'automatically detect complex tasks,' which creates an overly broad and implicit activation model. For a skill that can create parallel sub-agents and execute tasks automatically, vague invocation criteria can cause unintended triggering on ordinary prompts, leading to unreviewed actions, excess resource use, and unexpected task delegation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The keyword taxonomy uses broad everyday terms such as 'create,' 'build,' 'report,' 'document,' 'search,' and 'find' without exclusions or disambiguation rules. In a skill that automatically classifies tasks and launches sub-agents, this ambiguity increases the chance that routine conversational prompts are misclassified as executable complex tasks, causing unintended parallel execution or task processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes automatic execution, parallel sub-agent creation, task recording, progress tracking, and auto-cleanup without disclosing operational or security risks. Because this skill can consume system resources, persist task data, and potentially affect user files or environment state, the lack of warnings and constraints may lead users to enable or trust it without understanding the impact surface.

Vague Triggers

High
Confidence
92% confidence
Finding
The README describes automatic detection of 'complex tasks' and immediate creation of sub-agents from broad natural-language cues, without requiring explicit user confirmation or clear scope limits. In an agentic environment, this can cause unintended delegation, excessive tool use, or execution of risky bulk/development actions from ordinary phrasing, making accidental misuse likely.

Vague Triggers

High
Confidence
95% confidence
Finding
The task classification table uses very generic keywords such as '开发', '创建', '删除', '搜索', and '报告', which can match many ordinary requests and escalate them into autonomous sub-agent workflows. Because some categories include potentially destructive or high-impact operations like batch deletion, overbroad matching materially increases the chance of unsafe or unintended execution.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation advertises automatic sub-agent creation, parallel execution, JSON task records, progress tracking, and daily reports, but does not warn users about resource consumption, background activity, log retention, or possible persistence of sensitive task content. This omission can lead users to unknowingly expose data or overload shared environments when the skill operates at scale.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger examples are very broad and map to common requests like research, development, document generation, and batch operations, making accidental activation likely. In this skill's context, unintended activation is more dangerous because it can automatically spawn sub-agents and parallelize work, expanding the scope of actions taken from a simple user prompt.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Automatic classification based on generic keywords like '开发', '删除', or '报告' is ambiguous and can misroute ordinary requests into autonomous multi-agent execution. This is especially risky here because the skill supports batch handling and deletion-oriented tasks, so a loose keyword match could amplify destructive or privacy-impacting actions without sufficient human review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description emphasizes efficiency gains but does not clearly warn that the skill may automatically create multiple sub-agents and execute tasks in parallel. That omission undermines informed consent and makes the broad triggers more dangerous, because users may submit seemingly routine prompts without realizing they are authorizing expanded autonomous processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that it performs JSON task recording, progress tracking, daily statistics, and cleanup, but it does not warn users about data retention, storage location, or what content may be logged. In a planning/orchestration skill, task records can easily contain sensitive prompts, filenames, outputs, or operational metadata, making silent persistence a meaningful privacy and security concern.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The scheduler persistently stores raw task text and user identifiers into JSON and Markdown files under a shared workspace path without consent, minimization, or access controls. Because task text may contain secrets, internal plans, personal data, or sensitive operational instructions, this creates a durable privacy and data-exposure risk if the workspace is read by other tools, users, agents, backups, or logs.

Ssd 3

Medium
Confidence
98% confidence
Finding
Recording raw user prompts and identifiers in plain language creates a data-leak pathway because later agents, operators, or systems that inspect the memory/history files can recover sensitive instructions and identities. In this skill context, the risk is higher because the scheduler is designed for complex research, development, and batch tasks, which are especially likely to include proprietary code requests, credentials, internal project names, or regulated data.

VirusTotal

64/64 vendors flagged this skill as clean.
