Task Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local task-management skill, but its optional web server can expose task data, and allow it to be modified, beyond the local machine without authentication.

Review before installing. Use it only if you are comfortable with a local task database and state-changing task commands. If you start the web UI, bind it to localhost or firewall it, and avoid using it on shared networks unless authentication is added. Prefer pinned releases or verified source instead of latest-download installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 84% confidence

Finding: The trigger phrases include very broad everyday expressions such as reminders and general task-related language, which can cause the skill to activate when the user did not intend to manage tasks through this tool. In context, accidental activation could lead to task creation, updates, cancellations, or other state-changing operations without sufficiently clear user intent.

Vague Triggers

Medium, 86% confidence

Finding: The trigger phrase "我的任务" is ambiguous because it can naturally appear in routine conversation, not only when the user intends to invoke this specific skill. Since the skill supports multiple task lifecycle actions, accidental invocation could expose task metadata or steer the agent into unintended operational workflows.

Vague Triggers

Medium, 86% confidence

Finding: The trigger phrase "我的任务" is ambiguous because it can naturally appear in routine conversation, not only when the user intends to invoke this specific skill. Since the skill supports multiple task lifecycle actions, accidental invocation could expose task metadata or steer the agent into unintended operational workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
