ClawHub

Skylv Context Aware Scheduler

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local scheduler, but it can repeatedly run unrestricted shell commands from editable task files.

Install only if you intentionally want a local command scheduler and trust every task file it will read. Review all action.command, cwd, and env values before running, avoid watch or now on untrusted task files, and run it in a restricted environment if scheduled commands could affect files, accounts, publishing, or business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises automation behavior that inherently relies on environment and local system access, but it does not declare the permissions/capabilities this requires. That mismatch can mislead reviewers and users about the skill’s true reach, reducing informed consent and weakening sandboxing or policy enforcement.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a high-risk description/behavior mismatch because the skill is presented as a scheduler with priority management, but the documented behavior includes arbitrary shell command execution, file watching, daemonized polling, and persistent state handling. In a scheduler context, those capabilities are especially dangerous because they enable repeated or condition-triggered execution of attacker-controlled commands, potentially turning the skill into a persistence and command-execution mechanism.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The task definition includes a shell command to be executed on a timer, which grants code-execution capability rather than merely scheduling or prioritizing work. Even though the current command is a harmless echo, the dangerous capability is present and could be repurposed to run arbitrary commands if the task file is modified or influenced by untrusted input.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill is described as a context-aware scheduler, but the configuration exposes arbitrary command execution without any visible justification or containment. This mismatch increases risk because users may trust the skill as a passive scheduler while it actually has the ability to execute system commands on a recurring basis.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger keywords are broad enough to match many normal user requests such as 'schedule', 'trigger', or 'automation', which increases the chance this skill activates in contexts where the user did not intend to grant scheduling and command-execution capabilities. Because this skill can run commands and watch files, overbroad invocation raises the risk of accidental or abusive use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal