TAPD

Security checks across malware telemetry and agentic risk

Overview

This TAPD helper is not malware, but it should be reviewed because it can touch business project records and send Enterprise WeChat messages without clear boundaries or confirmation rules.

Install only if you intend the agent to use TAPD MCP with your project/account permissions. Before enabling it, require explicit approval for edits, comments, status changes, Enterprise WeChat messages, and any recurring daily notification, and confirm it is limited to the TAPD projects and recipients you authorize.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill introduces an enterprise WeChat messaging action that is outside the declared TAPD-focused project-management scope, creating an undocumented side-effect capability. This expands the agent from reading/updating TAPD records into external communication, which can enable unintended data exfiltration, unauthorized notifications, or social-engineering actions if the skill is triggered in routine TAPD workflows.

Vague Triggers

Medium
Confidence: 85%
Finding
The top-level description is broad enough to match many ordinary TAPD-related requests, which increases the chance of over-activation. Overly permissive activation can cause the agent to use this skill in contexts where the user did not intend TAPD actions, leading to unnecessary data access or unintended state changes in project records.

Vague Triggers

Medium
Confidence: 87%
Finding
The usage section presents many broad scenarios across multiple roles without defining boundaries, exclusions, or approval requirements. In practice, that can normalize invoking the skill for a wide range of requests and increase the risk of excessive access, mistaken cross-role use, or unauthorized updates in TAPD.

VirusTotal

64/64 vendors flagged this skill as clean.
