Plane Flow

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Plane project-management integration, but it grants broad authenticated write and file-upload authority with limited confirmation and upload scoping.

Install only in environments where the Plane API token is scoped appropriately and users understand that natural-language requests can create or change Plane records. Treat attachment paths carefully: only upload files the user explicitly selected, and avoid processing untrusted notes that contain image directives or local file paths unless an operator reviews them first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (92% confidence)
Finding
The trigger description is broad enough to match generic project-management requests such as backlog, status, task assignment, and meeting-note processing, which could cause the skill to activate unexpectedly. Because the skill can perform authenticated writes to a Plane workspace, unintended invocation can lead to unauthorized or mistaken issue creation, reassignment, or status changes.

Missing User Warnings

Medium (88% confidence)
Finding
The attachment upload flow reads an arbitrary local file path and sends the file contents to a presigned URL, which is an external destination outside the main Plane API origin. In an agent skill context, this creates a meaningful exfiltration risk if user prompts or upstream tool logic can cause sensitive local files to be attached without an explicit disclosure or allowlist check.

Missing User Warnings

Medium (87% confidence)
Finding
This code performs issue updates and may upload local images referenced in user-supplied descriptions without any built-in confirmation or disclosure that local files will be transmitted to the Plane service. In an agent setting, that creates a real risk of unintended exfiltration of local files or unintended modification of remote project data based on ambiguous or prompt-injected instructions.

Missing User Warnings

Medium (90% confidence)
Finding
The helper accepts arbitrary file paths and uploads them as attachments during description/comment updates, but there is no warning, consent checkpoint, or path restriction visible here. In the context of an agent skill operating on a local/self-hosted workspace, that makes accidental disclosure of sensitive local files materially more dangerous.

VirusTotal

65/65 vendors flagged this skill as clean.
