ClawHub

Dashtask.ai - Task/Project manager and CRM built for AI Agents and Humans to work together.

Security checks across malware telemetry and agentic risk

Overview

This is a documented DashTask API skill that can make real business changes, but its behavior is disclosed, scoped by API key permissions, and aligned with its stated purpose.

Install only with a dedicated DashTask API key that has the minimum scopes needed. Verify the endpoint belongs to your DashTask organization, and require clear user approval before deleting records, changing settings or dimensions, creating notifications, or sending CRM/nudge emails.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README prominently documents destructive and outward-facing capabilities such as deleting records, sending emails, creating notifications, and modifying organization settings, but it does not include explicit safety guidance requiring user confirmation before impactful actions. In an agent-facing skill, that omission can lead an LLM agent to perform irreversible changes or external communications based on ambiguous prompts, increasing the risk of accidental data loss, spam, or unauthorized business actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes destructive operations (for example delete/archive actions) and outbound communication capabilities such as sending emails and nudges, but it does not provide explicit safety guidance requiring user confirmation before high-impact actions. In an agent setting, that omission can lead to unintended data deletion, unwanted notifications, or unauthorized external communications if the model acts on ambiguous prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal