OpenClaw TODO List

Security checks across malware telemetry and agentic risk

Overview

This appears to be a scoped task-tracking skill that stores TODO and DONE state in local files, with no evidence of credential use, network transfer, destructive behavior, or deception.

Install if you want persistent local task tracking. Expect the skill to create or update files under memory/todo, including TODO.md and DONE.md, and avoid using it for sensitive tasks unless you are comfortable with that text being stored locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The spec instructs the agent to create directories and files under memory/todo and persist task data, but it does not require any user-facing notice or confirmation before modifying local state. In an agent setting, silent writes can surprise users, overwrite prior state expectations, and create privacy or integrity issues because task content may be stored without explicit consent.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The lifecycle directs the agent to remove entries from TODO.md and append them to DONE.md, which are state-changing file operations, yet the spec provides no requirement to warn the user that persistent files will be edited. This is risky because an agent could silently alter records, causing unexpected state transitions, auditability gaps, or accidental loss/confusion if users did not intend persistent tracking.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal