Back to skill

Security audit

Task Engine

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local task-orchestration skill, but it needs Review because it includes unsafe destructive reset guidance and sends raw task text into downstream agent prompts.

Review before installing in a real workspace. Do not run the documented `rm -rf` reset against live task data; use an isolated `TASK_ENGINE_TASKS_DIR` for testing. Avoid secrets or untrusted instructions in task titles, descriptions, notes, and acceptance criteria, and review Discord settings before posting generated task summaries externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation clearly instructs use of shell commands and references reading and writing task files under fixed workspace paths, yet no permissions are declared. This creates a trust and enforcement gap: an agent or platform may invoke filesystem and shell-capable behavior without explicit user-visible authorization boundaries, increasing the chance of unintended command execution or task data modification.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The design explicitly sends task status, progress, blockers, and urgent alerts to Discord, an external service, but does not describe any consent, minimization, redaction, or privacy warning. Because the engine is intended to orchestrate real project work and may include branch names, file paths, plans, blockers, and other sensitive operational details, this creates a real risk of unintended data disclosure to third-party infrastructure and broader audiences in the Discord server.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The design describes passive monitoring of git commits, file modifications, and agent session liveness to infer progress, but does not document notice, consent, scope limits, or retention. Even if intended for orchestration, this is surveillance-like behavior that can expose developer activity patterns and repository/workspace metadata, especially in a multi-agent environment where monitoring may occur continuously via heartbeat.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description highlights orchestration and tracking but omits a clear warning that task content, progress, alerts, and summaries may be formatted for and reported through Discord. Because task descriptions and notes can contain sensitive project details, users may disclose data to an external service without informed consent.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
python3 -m pytest tests/ -v

# Also run the end-to-end manual test:
rm -rf /home/zeron/.openclaw/workspace/tasks
python3 scripts/task_engine.py create "E2E test" --priority P1 --json
python3 scripts/task_engine.py transition TASK-001 approve --json
python3 scripts/task_engine.py dispatch TASK-001 "Dev work" --agent claude-code --type dev --json
Confidence
93% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
python3 -m pytest tests/ -v

# Also run the end-to-end manual test:
rm -rf /home/zeron/.openclaw/workspace/tasks
python3 scripts/task_engine.py create "E2E test" --priority P1 --json
python3 scripts/task_engine.py transition TASK-001 approve --json
python3 scripts/task_engine.py dispatch TASK-001 "Dev work" --agent claude-code --type dev --json
Confidence
93% confidence
Finding
rm -rf /home/zeron/.openclaw/workspace/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
CLAUDE.md:186