agent-task-tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local task-tracking skill, but it automatically persists detailed task and operational context across sessions, including commands and server/process identifiers.

Install only if you want an always-on local task memory. Review and prune memory/tasks.md, and avoid using it for secrets, credentials, private customer data, sensitive commands, hostnames, or infrastructure details unless your environment treats that file as protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is configured to trigger on essentially every task lifecycle event and is described as automatic rather than user-invoked. That broad scope increases the chance of unintended activation and silent writes, especially for trivial, sensitive, or unrelated tasks where persistent tracking may not be appropriate.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to persist task state to a local file but provides no warning that user and operational data will be stored across sessions. This undermines transparency and informed consent, and may lead to retention of information users did not expect to be written to disk.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill promotes maintaining persistent task context as a cross-session memory source of truth. Because it asks for enough detail to resume work later, it creates a strong risk of storing sensitive user requests, internal notes, or other context that should not persist beyond the current session.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly requires recording session IDs, PIDs, server names, commands, notes, and results in persistent storage. Those details can expose infrastructure topology, live operational state, command history, and potentially credentials or sensitive outputs, making later compromise or insider misuse more damaging.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to include enough detail to resume without prior conversation context encourages expansive retention of prior interactions and internal state. Even with a small file size limit, the guidance pushes the agent to preserve potentially sensitive context that may not be necessary for safe task continuity.

Context Leakage

High
Category
Data Exfiltration
Content
## When to Write

1. **Task received** → add entry with status `🔄 进行中`
2. **Background process started** → record session ID, PID, server, command
3. **Progress update** → update status/notes
4. **Task completed** → mark `✅ 完成`, record results/links
5. **Task failed** → mark `❌ 失败`, record error
Confidence
98% confidence
Finding
record session

Context Leakage

High
Category
Data Exfiltration
Content
- Update the file BEFORE reporting to user (write-first)
- Include enough detail to resume without prior conversation context
- For background processes: always record session ID + what server + what command
- For multi-step tasks: update after each step
- Keep it concise — this isn't a log, it's a state snapshot
- **Size limit: keep under 50 lines / 2KB** — this file is read every session start
Confidence
97% confidence
Finding
record session

VirusTotal

65/65 vendors flagged this skill as clean.
