ClawHub

Task Interrupt Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to stop stuck agent tasks, but it has real process-killing authority and some under-scoped local file handling that users should review before installing.

Install only if you intentionally want an agent to stop local subprocesses. Verify the target SESSION_ID before use, avoid broad natural-language auto-triggers, and consider moving state files out of shared /tmp into a private runtime directory before relying on it. Do not use it for tasks where forced termination could corrupt important work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger set includes broad phrases such as task stuck/unresponsive language that can plausibly appear in normal conversation, which can cause the interrupt routine to activate unintentionally. In this skill's context, unintended activation is dangerous because the documented behavior includes terminating running subprocesses, potentially causing loss of work or disruption of unrelated agent activity.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently documents escalation to SIGKILL/`kill -9`, but does not present an equally prominent warning that forceful termination can corrupt state, drop partial output, or bypass cleanup handlers. Because the purpose of the skill is destructive process interruption, lack of explicit risk communication increases the chance of unsafe use and operator error.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes broad natural-language phrases such as '停止我的任务', 'agent任务卡住', and '进程无响应', which can match ordinary support or status messages rather than a deliberate request to invoke a privileged interrupt skill. In a skill designed to stop running subtasks or kill processes, overly broad activation increases the risk of accidental or adversarial invocation, causing unintended disruption or denial of service within the agent workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal