Delegate Task

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and not malicious, but it gives broad cloud delegation, auto-import, and upload authority without enough user approval and data-safety guardrails.

Review before installing. Use this only if you are comfortable with an external OpenSpace service receiving delegated task details and potentially acting on code, infrastructure, web, or desktop contexts. Require explicit approval for each delegation, avoid sensitive repositories or credentials unless intentionally shared, disable automatic cloud imports where possible, and inspect evolved skills before any public upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (88% confidence)
The delegation criteria are broad enough that an agent could invoke OpenSpace for tasks it could safely handle locally, increasing unnecessary exposure to an external MCP service. In this skill, that risk is amplified because delegated tasks may trigger cloud-backed search, execution, and downstream skill evolution without any explicit user consent gate.

Missing User Warnings

High (97% confidence)
The skill advertises cloud delegation and community skill sharing but does not clearly warn that task contents, local context, or skill artifacts may be transmitted off-system. This creates a real data exposure risk because users or calling agents may delegate sensitive coding, DevOps, or desktop-automation work without understanding that prompts, environment details, or generated skills could leave the local trust boundary.

Missing User Warnings

Medium (94% confidence)
The documented default for search_skills includes auto-import of top cloud skills into the local environment, but the skill does not warn that untrusted third-party artifacts may be downloaded automatically. In the context of a system that 'collectively evolve[s] reusable skills,' this increases supply-chain risk and could introduce unsafe or malicious instructions into the local agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.
