Back to skill

Security audit

clawpilot-work-report-en

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent work-report purpose, but it can read broad cross-app notification history from ambiguous prompts without a clear per-run consent step.

Install only if you are comfortable with the agent reading local notification history for the selected day or week. Configure the app and group scope during setup, avoid broad prompts unless you intend a notification-based report, and review or redact names, projects, deadlines, and approvals before sharing the output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger list includes broad natural-language phrases like "what you did today" and "work summary," which can cause the skill to activate in situations where the user did not clearly intend to authorize reading notification history. Because this skill accesses highly sensitive cross-app notification data, unintended invocation materially increases privacy and data-exposure risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes extracting work activity from notifications across messaging, email, calendar, approvals, and project tools but does not prominently warn users that sensitive personal and workplace data will be read and summarized. Without clear disclosure and consent, users may unknowingly expose confidential messages, names, deadlines, and internal business context.

Ssd 3

Medium
Confidence
88% confidence
Finding
The instruction to retain original project names, person names, and deadlines increases the chance that the generated report will reproduce confidential or personally identifiable workplace information verbatim. If the report is sent to a leader, posted to a workbench, or viewed in a broader audience than the original notifications, this can leak sensitive details beyond their original context.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill encourages broad use of all work-related notification content as source material, aggregating messages from multiple platforms into a single summary. This cross-source consolidation can surface private conversations, approvals, and operational details that users did not intend to combine or disclose together, magnifying confidentiality risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.