Task Automator

Security checks across malware telemetry and agentic risk

Overview

This broad automation skill is not malicious, but it needs review because its user-run scripts can move or overwrite files and its documentation promotes API and scheduled workflows without tight controls.

Install only if you want a broad automation helper and are prepared to supervise it closely. Use dry-run first, review exact source and destination paths, avoid running it on broad or sensitive folders, require confirmation before moving or overwriting files, and do not connect real APIs, ecommerce stores, email alerts, or scheduled jobs until endpoints, credentials, and rollback plans are explicit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and documents file read/write automation capabilities but does not declare corresponding permissions. This can cause the agent or user to invoke a skill with broader filesystem effects than expected, undermining consent and safe capability scoping.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description is broad enough to match many ordinary requests, including generic file operations, web scraping, and API work. Overly broad activation language increases the chance the skill is invoked in situations where the user did not intend to grant automation, file access, or network behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Describing the skill as a 'universal task automation' tool without clear boundaries encourages over-selection and ambiguous trust decisions. In a skill ecosystem, boundaryless automation is risky because it may be chosen for sensitive tasks involving files, APIs, and recurring execution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The file organizer example moves and reorganizes user files but does not prominently warn that it can alter directory contents and disrupt the layout users expect. This is dangerous because users may treat the example as harmless documentation and trigger data disruption or loss through misconfiguration.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API sync example describes transmitting data between external services without a privacy or data handling warning. This creates risk of accidental exfiltration of sensitive records, misuse of credentials, or syncing data to an unintended third party.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The web monitor example includes polling external URLs and sending email alerts but does not clearly warn about outbound network activity or disclosure of monitored content. While common, this can still surprise users and leak commercially sensitive monitoring targets or results.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The order processing workflow can affect live business systems by fetching orders, updating inventory, generating labels, and sending emails, yet it lacks a clear warning about production impact. In operational environments, mistaken execution could change fulfillment state, customer communications, or inventory integrity.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file organizer performs real bulk filesystem modifications by moving every file from a configured source directory into destination subfolders, with only a generic CLI interface and an optional dry-run flag. If the config is wrong, overly broad, or supplied by an untrusted party, this can unintentionally reorganize or effectively hide user files at scale, causing data disruption and operational impact.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The data converter writes to an arbitrary output path from configuration without warning about overwriting existing files or modifying the filesystem. In an automation skill, config may be reused or generated dynamically, so a mistaken or attacker-influenced output path could replace important files or create unintended files in sensitive locations accessible to the current user.

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "source": {
    "type": "api",
    "url": "https://api.source.com/data",
    "auth": "bearer_token"
  },
  "destination": {
Confidence
82% confidence
Finding
https://api.source.com/

External Transmission

Medium
Category
Data Exfiltration
Content
},
  "destination": {
    "type": "api",
    "url": "https://api.dest.com/items",
    "auth": "api_key"
  },
  "mapping": {
Confidence
82% confidence
Finding
https://api.dest.com/

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: task-automator
description: Automate repetitive computer tasks including file operations, data processing, web scraping, and API integrations. Use when you need to batch process files, sync data, schedule recurring tasks, or create custom automation workflows.
---

# Task Automator
Confidence
84% confidence
Finding
schedule recurring task

Session Persistence

Medium
Category
Rogue Agent
Content
python scripts/run_task.py --task file_organizer --config tasks/organize.json
```

### Schedule a Recurring Task

```bash
python scripts/schedule_task.py --task data_backup --cron "0 2 * * *"
Confidence
87% confidence
Finding
Schedule a Recurring Task

Session Persistence

Medium
Category
Rogue Agent
Content
### schedule_task.py

Schedule recurring tasks.

**Arguments:**
- `--task` - Task name
Confidence
86% confidence
Finding
Schedule recurring task

VirusTotal

64/64 vendors flagged this skill as clean.
