ClawHub

Task Persistence

Security checks across malware telemetry and agentic risk

Overview

This skill keeps task and session recovery records locally in the workspace, with no evidence of hidden network transfer or malicious behavior.

Install if you want local task recovery across restarts. Be aware it creates persistent JSON records that may include task descriptions, checkpoint data, and session snapshot content you provide; use it only with the intended workspace path and avoid snapshotting sensitive conversation data unless you want it stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises executable scripts that read environment variables, read and write workspace files, and likely interact with MCP-like capabilities, but it declares no permissions or equivalent capability boundaries. This creates a transparency and policy-enforcement gap: a caller or platform may treat the skill as lower risk than it is, while the documented commands clearly persist state and inspect environment-driven paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
The documented behavior goes beyond simple 'task continuity' and includes queue management, prioritization, recovery actions, archival of task state, and mention of a background monitoring mode. When a skill's declared purpose understates these control-plane functions, users and orchestrators may invoke it without understanding that it can modify persistent execution state, reorder or recover tasks, and write status artifacts across restarts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal