Workflow Automation Cn

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only automation helper whose script generation and scheduling behavior are disclosed and aligned with its purpose.

Before installing or using this skill, plan to inspect every generated script, confirm any API calls or publishing actions, keep real tokens in environment variables or a secret store, and remove heartbeat tasks when they should stop running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill tells users to use environment variables for sensitive data, but the Telegram example hardcodes bot_token and chat_id directly in code. In a workflow generator, users are likely to copy these templates into real automation scripts, which can lead to credential leakage through source control, logs, backups, or shared workspace files.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill is invoked through broad, natural-language requests that can easily overlap with ordinary conversation, increasing the chance of accidental activation. In a skill that generates executable automation scripts and heartbeat tasks, unintended activation can cause creation or modification of persistent workflows without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence: 89%
Finding
The creation trigger phrase is generic and resembles a normal request a user might make in chat, which raises the risk that the skill activates when the user only wanted advice or drafting help. Because this skill produces executable scripts and scheduling configuration, accidental activation has higher consequence than a purely informational skill.

VirusTotal

VirusTotal findings are pending for this skill version.
