Auto Workflow 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a simple automation skill, but it pushes the agent to create scripts, scheduled tasks, and automatic sending without clear permission checks.

Install only if you want a proactive automation assistant. Require your agent to ask before writing or running scripts, scheduling jobs, collecting data, sending messages, or changing files, tools, or accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to 'directly do it' and not wait for the user to ask, which overrides normal user-consent boundaries and expands behavior beyond the stated trigger conditions. In a workflow-automation context, this is especially dangerous because autonomous script creation or execution can change systems, access data, or send communications without explicit approval.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad and common in normal conversation, making unintended invocation more likely. Because this skill can produce automation workflows and scripts, accidental activation increases the chance of overreaching assistance or unsafe operational guidance when the user only meant to discuss efficiency at a high level.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill frames its output as 'automation workflow + execution script' without requiring safety checks, approval gates, or warnings about system impact. In this context, encouraging script implementation as a default output can lead to file changes, API calls, scheduled jobs, or other state-changing actions being proposed or prepared without adequate safeguards.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example normalizes automatic scheduled execution and email sending without mentioning user approval, recipient validation, or privacy controls. That is risky because reporting workflows often process operational or sensitive business data, and automatic transmission can disclose information externally or send incorrect content at scale.

Vague Triggers

Medium
Confidence: 90%
Finding
The description 'Builds automation workflows from repetitive tasks' is broad and does not clearly constrain the circumstances under which the skill should be invoked. In an agent environment, overly broad routing criteria can cause the skill to trigger for loosely related requests, increasing the chance of unintended automation actions, overreach into sensitive tasks, or unsafe workflow generation without sufficient user intent verification.

VirusTotal

64/64 vendors flagged this skill as clean.
