PMS Task

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates PMS task creation in a specific GitHub repo and two Google Sheets, with no hidden installer or unrelated behavior found.

Install only if you intend to create records in the specified GitHub repository and Google Sheets. Before using it, confirm the active GitHub and Google accounts, verify that the hard-coded reporter and assignee are appropriate for your organization, and review task text for sensitive internal details before allowing the writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly creates GitHub issues and modifies two Google Sheets, but the description and workflow do not require a clear user-facing warning or confirmation that data will be transmitted to and written into external services. This can cause unintended disclosure of user-provided content and unintended state-changing actions, especially if users do not realize the skill performs live external updates rather than just drafting content.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The skill hard-codes reporter and assignee identities, causing actions and records to be created under fixed people without validating that the current user is authorized to act on their behalf. This can lead to impersonation, misattribution, unauthorized assignment, and corruption of project records if invoked by someone other than the intended operator.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The schema hard-codes a specific assignee email as 'always,' forcing all created tasks to be attributed to one person regardless of user intent or authorization context. In a skill that automatically creates GitHub issues and syncs task records to Google Sheets, this can misroute work, expose personal identifying information, and enable unauthorized task assignment at scale.

VirusTotal

63/63 vendors flagged this skill as clean.
