NextCloud Deck Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a plausible NextCloud Deck task-tracking skill, but it gives an agent broad external logging, notification, and card-deletion authority with weak scoping and safety guidance.

Review before installing. Use this only if you trust the separate `deck` CLI and intentionally want your agent to store task details in NextCloud. Avoid tracking secrets or private prompts, verify who receives the `deck monitor` notifications, use a limited app password, and manually review cards before running archive or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
The documented `deck monitor` command performs chat notifications to a target user, but that behavior is omitted from the manifest description. Hidden or under-disclosed outbound messaging behavior is security-relevant because users may enable the skill expecting only board tracking, while it can also generate periodic notifications to another party, creating privacy and trust risks.

Missing User Warnings

Medium (85% confidence)
The README documents `deck archive-done` as a routine cleanup action without an explicit warning that it performs a destructive state change on task data. In an AI-agent context, documented commands are likely to be executed automatically, so omitting confirmation, backup guidance, or dry-run behavior increases the risk of unintended archival and loss of visibility into completed work.

Missing User Warnings

Medium (92% confidence)
The AI protocol instructs the agent to track every user request by creating a Deck card, but it does not warn that user prompts may contain secrets, personal data, internal project details, or regulated information. Because this skill transmits task content to an external NextCloud service, the blanket instruction can cause unnecessary data disclosure and persistent storage of sensitive user input.

Missing User Warnings

Medium (86% confidence)
`deck archive-done` is a destructive state-changing operation, yet the documentation does not warn users that it will archive all completed cards. In an agent context, under-documented destructive actions increase the chance of accidental bulk modification of task records, which can disrupt workflows and make recovery difficult depending on server retention behavior.

Missing User Warnings

High (97% confidence)
The `deck delete` command removes user data, but the skill documentation provides no warning about permanence or scope. In an automated-agent setting, a terse destructive command without safety guidance materially increases the risk of accidental deletion of cards and associated operational history.

VirusTotal

64/64 vendors flagged this skill as clean.
