Google Tasks

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Tasks integration, but it can modify live tasks and stores OAuth tokens locally, so users should handle deletion and token files carefully.

Install only if you are comfortable granting read/write access to your Google Tasks. Keep credentials.json and token.json private, avoid shared or committed workspaces, and ask the agent to show the exact list and task before deleting anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README explicitly documents task deletion but does not warn that the action is destructive or may be difficult to undo. In an agent skill context, this increases the chance of accidental data loss because users or higher-level agents may invoke deletion commands without understanding the consequences.

Vague Triggers

Medium
Confidence: 83%
Finding
The description includes broad trigger phrases such as check, view, list, get, add, create, remove, and delete for general task-related requests. Overly broad invocation language can cause the skill to activate in situations the user did not specifically intend, which is more dangerous here because the skill supports destructive actions like deletion and authenticated API calls.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation explains how to delete tasks by number or title but does not warn that deletion is destructive or recommend an explicit confirmation step. In a skill that can act on live user data through OAuth, omission of confirmation guidance materially raises the chance of accidental or unauthorized task deletion.

Missing User Warnings

Medium
Confidence: 87%
Finding
The setup documentation instructs users to persist OAuth credentials in `token.json` and notes that subsequent runs can use and refresh those credentials automatically, but it does not warn that this file contains bearer/refresh tokens that must be protected. If stored with weak filesystem permissions, committed to source control, or shared accidentally, an attacker could reuse the tokens to access and manipulate the user's Google Tasks without re-authenticating.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script performs an irreversible delete operation immediately once it resolves a task identifier, with no confirmation step, dry-run mode, or explicit safety interlock. In an agent skill context, this increases the chance of accidental or unintended deletion caused by ambiguous user input, wrong task indexing, or automation mistakes.
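The confirmation step and dry-run mode that the two deletion findings above (deletion by number or title with no confirmation guidance, and an immediate delete once an identifier resolves) call for, written out as an added illustration that is not the skill's own code. Python is assumed as the implementation language. The resolver accepts a 1-based number or an exact title, refuses anything ambiguous or out of range, defaults to dry-run, and calls the backend only when the caller echoes a confirmation phrase that names the resolved task id. The Task dataclass, the RecordingBackend stand-in for the Google Tasks API client, and the sample task list are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    id: str
    title: str


# Constructed sample data standing in for a task list fetched from the API.
# Two tasks deliberately share a title so the ambiguity path is exercised.
SAMPLE_TASKS = [
    Task("t1", "Renew TLS certificate"),
    Task("t2", "Rotate OAuth client secret"),
    Task("t3", "Renew TLS certificate"),
]


class RecordingBackend:
    """Hypothetical stand-in for the Google Tasks API client: records the ids it
    was asked to delete instead of making any network call."""

    def __init__(self):
        self.deleted = []

    def delete(self, task_id):
        self.deleted.append(task_id)


def resolve_task(tasks, selector):
    """Map a user selector to exactly one task.

    Returns (task, reason); task is None when nothing matched, the number was
    out of range, or more than one task carries the given title. Titles must
    match exactly, so a loose prefix such as "Renew" can never pick a task."""
    sel = selector.strip()
    if sel.isdigit():
        n = int(sel)
        if 1 <= n <= len(tasks):
            return tasks[n - 1], "matched by number"
        return None, f"number {n} is outside 1..{len(tasks)}"
    matches = [t for t in tasks if t.title == sel]
    if len(matches) == 1:
        return matches[0], "matched by exact title"
    if not matches:
        return None, f"no task titled {sel!r}"
    ids = ", ".join(t.id for t in matches)
    return None, f"ambiguous: {len(matches)} tasks titled {sel!r} ({ids}); select by number"


def confirmation_phrase(task):
    """The exact string a caller must echo back. It names the resolved id, so a
    confirmation obtained for one task cannot be replayed against another."""
    return f"delete {task.id}"


def guarded_delete(tasks, selector, backend, confirm=None, dry_run=True):
    """Delete one task only when every interlock passes.

    dry_run=True (the default) reports what would happen and touches nothing.
    With dry_run=False the caller must also pass confirm equal to
    confirmation_phrase(task) for the task that was actually resolved."""
    task, reason = resolve_task(tasks, selector)
    if task is None:
        return {"deleted": False, "reason": reason}
    expected = confirmation_phrase(task)
    if dry_run:
        return {
            "deleted": False,
            "would_delete": task.id,
            "title": task.title,
            "confirm_with": expected,
        }
    if confirm != expected:
        return {"deleted": False, "reason": f"confirmation mismatch: expected {expected!r}"}
    backend.delete(task.id)
    return {"deleted": True, "id": task.id, "title": task.title}


if __name__ == "__main__":
    api = RecordingBackend()
    print(guarded_delete(SAMPLE_TASKS, "Renew TLS certificate", api))  # ambiguous, refused
    print(guarded_delete(SAMPLE_TASKS, "2", api))                       # dry run, nothing deleted
    print(guarded_delete(SAMPLE_TASKS, "2", api, confirm="delete t2", dry_run=False))
    print("backend saw:", api.deleted)
```

The point of binding the confirmation to the resolved id rather than to the user's selector is that an agent which re-lists tasks between the dry run and the real call cannot delete a different task than the one the user approved: if numbering shifts, the echoed phrase no longer matches and the call is refused.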

Missing User Warnings

Medium
Confidence: 91%
Finding
The code writes OAuth tokens, including refresh tokens, to token.json on disk without warning the user or applying any file-permission hardening or secret storage protections. If the working directory is shared, backed up insecurely, or readable by other local users/processes, the stored token can be stolen and used to access or manipulate the user's Google Tasks data persistently.
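What the two token-storage findings (the setup docs persisting token.json without a warning, and the code writing refresh tokens with no permission hardening) ask for, as an added example that is not the skill's own code. Python and a POSIX filesystem are assumed. The token file is created with mode 0600 by mkstemp and swapped into place atomically, so it is never on disk with wider permissions, and loading refuses any file that is a symlink, readable by group or others, or owned by another user. The token payload and the file names are constructed for the example.

```python
import json
import os
import shutil
import stat
import tempfile


def write_secret_file(path, data):
    """Persist a token dict to path so that no other local user can read it.

    mkstemp creates the temporary file with mode 0600 regardless of umask, and
    os.replace swaps it into place atomically, so the secret never sits on disk
    with wider permissions, not even briefly. An existing symlink at path is
    replaced rather than followed."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".token-", dir=directory)
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(data, f)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def check_secret_file(path):
    """Return the reasons this file is unsafe to trust as a token store
    (an empty list means acceptable)."""
    problems = []
    st = os.lstat(path)  # lstat inspects the link itself, never its target
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink; a link could redirect the token elsewhere")
    elif not stat.S_ISREG(st.st_mode):
        problems.append("is not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} grants group/other access")
    if st.st_uid != os.getuid():
        problems.append("owned by a different user")
    return problems


def load_token(path):
    """Load the token only when the file passes every check; otherwise refuse,
    because a token that was readable by others may already be compromised."""
    problems = check_secret_file(path)
    if problems:
        raise PermissionError(f"{path}: " + "; ".join(problems))
    with open(path) as f:
        return json.load(f)


def run_demo():
    """Exercise the round trip in a private temp dir and return what was observed."""
    workdir = tempfile.mkdtemp()
    try:
        token_path = os.path.join(workdir, "token.json")
        # Constructed payload, shaped like a refresh-capable OAuth credential.
        token = {"token": "access-constructed", "refresh_token": "refresh-constructed"}
        write_secret_file(token_path, token)
        fresh_problems = check_secret_file(token_path)
        loaded = load_token(token_path)
        os.chmod(token_path, 0o644)  # simulate a careless copy or a permissive umask
        loose_problems = check_secret_file(token_path)
        try:
            load_token(token_path)
            loose_load_refused = False
        except PermissionError:
            loose_load_refused = True
        return {
            "fresh_problems": fresh_problems,
            "roundtrip_ok": loaded == token,
            "loose_problems": loose_problems,
            "loose_load_refused": loose_load_refused,
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(run_demo())
```

Refusing to load a loosely permissioned token, rather than silently tightening it, is deliberate: by the time the check runs the file may already have been read by another account, so the right response is to revoke and re-authorize, not to continue with the same refresh token.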

VirusTotal

64 of 64 vendors reported this skill as clean.

View on VirusTotal