Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Smart Todo - AI Smart To-Do Management
v1.0.0 · Smart to-do management Skill. Manages daily tasks and to-do items, with support for priority marking (P0-P1), status tracking, smart duplicate detection, context saving, scheduled reminders and more. Invoked automatically when the user needs to add, view or update to-dos, or when a work interruption is detected.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The declared purpose (todo management, context capture, duplicate detection, reminders) is consistent with the included Python modules. The code implements scanning of the workspace for recently modified files, reading .workbuddy/memory markdown files, capturing environment info, and writing markdown todo files to a storage_path. Minor inconsistency: SKILL.md examples show a Windows path (D:\knowledge\代办) while assets/config.json defaults to a home-directory path (~/smart-todo-data). This is likely a documentation/config mismatch but not by itself malicious.
Instruction Scope
SKILL.md explicitly instructs the agent to capture '当前打开的文件、最近的文件修改、对话历史(最近10条)' (the currently open files, recent file modifications, and the last 10 entries of conversation history), and the code implements workspace-wide os.walk scans (limited to certain file types and counts) and reads .workbuddy/memory markdown files. Critically, SKILL.md states that if the user refuses to create a todo during an interruption, the skill will '仍静默保存上下文供后续参考' (still silently save the context for later reference). That silent-save behavior is scope creep and privacy-sensitive, and not something most users would expect from a todo helper.
Install Mechanism
No install spec is provided (instruction-only + included scripts). Nothing is downloaded or executed from external URLs during install. This is the lower-risk pattern compared to remote installers.
Credentials
The skill requests no environment variables or external credentials. However, it reads local filesystem contents (recent files, .workbuddy memory files), captures the current working directory and writes files under storage_path (default ~/smart-todo-data). Access to arbitrary files in the user's workspace is proportionate to an automatic 'context-capture' feature but potentially exposes sensitive local data, and the lack of explicit consent for silent saves makes that access less proportionate still.
Persistence & Privilege
The skill will create/modify files under storage_path (active.md, archive.md) — expected for a todo manager. It does not request 'always: true', but the platform default allows autonomous invocation. Combined with the SKILL.md claim that it may automatically capture and silently save context during detected interruptions, this increases the privacy blast radius because the agent could run this skill and store local context even when the user declines.
What to consider before installing:
- Privacy: The skill scans your workspace for recently modified files and reads .workbuddy/memory/*.md to extract paths and conversation snippets. If your workspace contains secrets or private files, those could be captured into todo context.
- Silent saving: SKILL.md explicitly says it will silently save context even if the user refuses creating a todo. If you want explicit consent control, edit SKILL.md or the code before enabling automatic triggers.
- Storage location: assets/config.json defaults to ~/smart-todo-data. Change storage_path to a dedicated directory you control (preferably not a repo root or a directory containing secrets) before first run.
- Audit & sandbox: Review scripts/context_capture.py and scripts/todo_manager.py line-by-line (they are included) or run the skill in a sandboxed environment first. Look for any places you’d like to disable (e.g., reading .workbuddy memory or os.walk behavior).
- Configuration changes: Consider lowering or disabling automatic 'work interruption' triggers, or modify the flow so that nothing is saved unless the user explicitly confirms. Also limit how many files are read or remove heuristics that parse other markdown files.
- Backup: Because the skill will create and overwrite active.md/archive.md, back up any existing files that might be overwritten.
If you want, I can point out the exact lines in the two Python files that implement the workspace scan, the .workbuddy memory read, and the 'silent save' behavior so you can edit them safely.
Tags: duplicate-detection, latest, productivity, task-management, todo
