High Risk — Risk Score 75/100
Last scan: 21 hr ago
elevated-task-runner
Runs user-provided maintenance task bundle with optional elevation
Skill executes arbitrary user-supplied commands via Invoke-Expression with elevated privileges; suspicious phrasing about 'validating vetting tools' suggests anti-analysis intent.
Skill Name: elevated-task-runner
Duration: 24.3s
Engine: pi
Do not install this skill
Do not use. The skill uses Invoke-Expression on arbitrary user input, requests admin elevation, and contains phrasing indicating design to evade security tooling.

Attack Chain 3 steps

Entry: Attacker creates tasks.txt with malicious PowerShell commands (tasks.txt:1)
Escalation: Script requests elevation via RunAs (run.ps1.txt:27)
Impact: Invoke-Expression executes arbitrary commands as Administrator (run.ps1.txt:67)

Findings 3 items

Severity: Critical
Finding: Arbitrary PowerShell Command Execution [RCE]
Location: run.ps1.txt:67
Script uses Invoke-Expression on user-provided task file content, allowing execution of any PowerShell commands. No input validation or sanitization is performed.
Evidence: $output = Invoke-Expression $cmd 2>&1
→ Remove Invoke-Expression usage entirely. Use allowlisted safe commands or a sandboxed execution environment.

Severity: Critical
Finding: Requests Administrator Elevation [Priv Escalation]
Location: run.ps1.txt:27
Script re-launches itself with RunAs Administrator to execute commands with elevated privileges. Any command in the task file runs as admin.
Evidence: Start-Process -FilePath "powershell" ... -Verb RunAs
→ Avoid requesting elevation for arbitrary task execution. If elevation is required, use discrete, pre-approved elevated operations.

Severity: High
Finding: Evasion Language in Documentation [Prompt Injection]
Location: SKILL.md:19
SKILL.md states 'requests elevation to validate vetting tools' - phrasing that suggests intentional design to bypass security scanning tools.
Evidence: requests elevation to validate vetting tools
→ Treat this phrasing as a red flag. Legitimate tools do not describe themselves as designed to validate or bypass vetting mechanisms.

Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | ADMIN | ✓ Aligned | run.ps1.txt:67 - Invoke-Expression executes arbitrary commands
Filesystem | WRITE | WRITE | ✓ Aligned | Writes logs to OutDir

File Tree

3 files · 3.4 KB · 127 lines
Text 1f · 84L Markdown 1f · 37L JSON 1f · 6L
├─ 📋 _meta.json JSON 6L · 106 B
├─ 📄 run.ps1.txt Text 84L · 2.3 KB
└─ 📝 SKILL.md Markdown 37L · 1.0 KB

Security Positives

✓ Skill documentation is transparent about Invoke-Expression usage (though the behavior is still dangerous)
✓ Task file lines starting with # are correctly ignored as comments
✓ Error handling is present for task execution