
Security audit

Automation Framework

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only automation planning skill with expected scheduling and monitoring guidance, but users should confirm any recurring or side-effecting automation before acting on it.

Install only if you want an agent to help design automated or scheduled workflows. Before using any output, confirm whether the task is one-time or recurring, set retry and timeout limits, decide where logs are stored, and approve any alerts, file operations, or system registrations explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium, 89% confidence
Finding
The trigger list includes broad terms such as '自动化', '调度', and 'cron', which can plausibly appear in many benign conversations and may cause the skill to activate outside the user's intent. Because this skill is designed around scheduled and automatic task execution, accidental activation is more dangerous than for a passive reference skill: it can steer the agent toward initiating or proposing automation flows without explicit user confirmation.

Missing User Warnings

Medium, 94% confidence
Finding
The skill presents automated and scheduled execution as a core capability but does not warn users that actions may be recurring, delayed, condition-triggered, or retried automatically. In this context, the omission increases risk because users may not realize they are authorizing persistent or repeated behavior, which can lead to unintended task execution, resource consumption, or repeated side effects.

VirusTotal

62/62 vendors flagged this skill as clean.
