ClawHub

Todo

Security checks across malware telemetry and agentic risk

Overview

This is a local todo/reminder skill that stores task data on disk as disclosed, with no evidence of network access, credential use, or hidden behavior.

Install if you want a local todo memory. Avoid storing secrets or highly sensitive personal details in items, and periodically review or clear ~/.openclaw/workspace/memory/todo if you no longer want those tasks retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly describes local file storage and multiple Python scripts that read and write under the user's home directory, but it declares no permissions. That mismatch is a real security and governance issue because users and orchestrators cannot accurately evaluate or constrain what the skill can access, even if the stated storage scope is narrow and local-only.

Vague Triggers

High
Confidence
84% confidence
Finding
The activation criteria are very broad, covering common phrases like needing to remember, plan, prioritize, or feeling overwhelmed. This can cause the skill to trigger in many ordinary conversations, leading to unexpected file writes of sensitive personal intentions, commitments, or reminders without sufficiently clear user intent to invoke persistent storage.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description is broad enough to trigger on a wide range of everyday planning, remembering, prioritization, and emotional-overwhelm contexts without clear scope limits. In an agent environment, this can cause over-activation, unnecessary capture of sensitive personal task data, and displacement of more appropriate specialized skills or core assistant behavior.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal