Planning With Files

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent planning helper that writes local markdown notes, with no hidden network, credential, or destructive behavior.

Install this only if you want agents to keep persistent local planning notes in your project. Review or delete task_plan.md, findings.md, and progress.md before committing, sharing, or switching tasks, and tell the agent not to use this workflow for sensitive work where persistent notes are undesirable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers (Medium)
Confidence: 91%
Finding: The trigger guidance is broad enough to activate this skill for many routine tasks, including tasks that may not benefit from persistent on-disk planning. Over-invocation increases the chance the agent creates unnecessary files, accumulates stale context, and applies the workflow in situations where it may expose user data or cause unintended workspace modification.

Missing User Warnings (Medium)
Confidence: 95%
Finding: The skill instructs the agent to create and update persistent files in the project root, but it does not require a user-facing notice or consent before modifying the workspace. This can lead to unexpected file creation, repository pollution, or persistence of task context in environments where writes should be minimized or reviewed first.

Missing User Warnings (Low)
Confidence: 83%
Finding: The template explicitly directs the agent to write code to files before executing, but it provides no guardrails about confirming file targets, avoiding overwrites, or warning the user about modification side effects. In a file-based planning skill, this can normalize unreviewed workspace changes and lead to accidental overwrites or unintended edits, especially when used across long multi-step tasks.

Ssd 3 (Medium)
Confidence: 93%
Finding: The instruction to record any discovery and all errors encourages indiscriminate persistence of task data, which may include secrets, personal data, internal URLs, credentials in error output, or proprietary material. Because the files are stored locally and updated throughout execution, sensitive information can be retained longer than necessary and later exposed through commits, sharing, or subsequent agent runs.

Ssd 3 (Medium)
Confidence: 90%
Finding: The session recovery flow tells the agent to read prior planning files and continue work, which can reintroduce previously stored sensitive data into a new session without fresh user intent or review. This creates cross-session data retention risk and may cause confidential context from one task or user interaction to influence later work unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.