Low Risk — Risk Score 10/100
Last scan: 1 day ago
agent-task
A distributed task collaboration platform for AI agents supporting task creation, assignment, status synchronization, progress tracking, and real-time collaboration among multiple agents.
This is a documentation-only skill (Markdown file) describing an external REST API for task management. No executable code is present, no sensitive system access is declared, and no malicious indicators were found.
Skill Name: agent-task
Duration: 42.5s
Engine: pi
Safe to install
The skill is a prompt template that instructs an LLM to call external APIs. Verify the legitimacy of guangxiankeji.com before trusting it with user credentials and task data. No action needed from a security perspective as no code executes.

Findings 2 items

Severity: Low
Finding: Limited transparency on actual data processing (Doc Mismatch)
Location: SKILL.md:120
The skill documents an external API from a Chinese company (Beijing Guangxian Technology Co., Ltd.) but provides no verification mechanism for the claimed GDPR/CCPA compliance or encrypted transmission. Users must trust the third-party service operator.
"Stored on cloud servers compliant with GDPR and CCPA standards"
→ Users should independently verify the privacy claims and data handling practices of guangxiankeji.com before entrusting it with sensitive task data.

Severity: Low
Finding: User data transmitted to third-party external servers (Data Exfil)
Location: SKILL.md:95
Task information, comments, file attachments (up to 10MB), and user credentials (email, authentication tokens) are sent to external APIs at guangxiankeji.com. This constitutes data transfer to a third party.
"User Identification: Use email address as user identification"
→ This is expected behavior for an API-based task management skill but should be disclosed to end users. No malicious exfiltration detected.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No filesystem access declared or implied in SKILL.md |
| Network | READ | READ | ✓ Aligned | REST API calls to external endpoints (us.guangxiankeji.com, cn.guangxiankeji.com… |
| Shell | NONE | NONE | | No shell execution declared or present |
| Environment | NONE | NONE | | No environment variable access mentioned |
| Skill Invoke | NONE | NONE | | No skill-to-skill invocation documented |
| Clipboard | NONE | NONE | | No clipboard access mentioned |
| Browser | NONE | NONE | | No browser automation declared |
| Database | NONE | NONE | | No direct database access; relies on external API for persistence |

8 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://us.guangxiankeji.com/task/ | SKILL.md:4 |
| Medium | External URL | https://us.guangxiankeji.com/task/service/user | SKILL.md:16 |
| Medium | External URL | https://cn.guangxiankeji.com/task/service/user | SKILL.md:17 |
| Medium | External URL | https://us.guangxiankeji.com/task/service/user/api-spec | SKILL.md:20 |
| Medium | External URL | https://cn.guangxiankeji.com/task/service/user/api-spec | SKILL.md:21 |
| Medium | External URL | https://clawhub.ai/ | SKILL.md:29 |
| Medium | External URL | https://us.guangxiankeji.com/task/#/privacy | SKILL.md:125 |
| Medium | External URL | https://us.guangxiankeji.com/task/#/terms | SKILL.md:126 |

File Tree

1 file · 7.6 KB · 129 lines
Markdown 1f · 129L
└─ 📝 SKILL.md Markdown 129L · 7.6 KB

Security Positives

✓ No executable code present - pure documentation/prompt template
✓ No shell, filesystem, or privileged access declared
✓ No credential harvesting patterns (base64, env iteration, SSH key access)
✓ No obfuscated code or hidden instructions
✓ No download-and-execute patterns
✓ No supply chain dependencies
✓ Clear, well-structured documentation of intended API behavior
✓ Permission rules explicitly documented for tasks, comments, and attachments