Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SHrimp Tasks

v1.0.7

Task manager for AI agents. Works instantly — no account, no phone needed. 19 tools for nested task trees, batch ops, local storage, optional phone sync.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a local-first task manager, and the only declared runtime requirement is npx, which is consistent with installing an npm-based MCP adapter. However, several tool names (shrimp_inbox, shrimp_get_provider / shrimp_update_provider, shrimp_pipeline) imply access to external data (email, device activity, AI provider settings) that is not explained in the metadata (no required env vars or config paths). That could be legitimate via the paired iOS app, but the relationship is not described clearly.
Instruction Scope
SKILL.md instructs the agent/user to run npx @hermitsh/shrimp-mcp@1.0.6 and later npx ... pair. Running npx downloads and executes code from the npm registry at runtime. The doc also says there is an 'anonymous daily ping' and a paired mode that can surface incoming email/shares; the endpoints and the exact data sent and read are not documented. The instructions do not ask the agent to read unrelated local files, but they do create/expect ~/.shrimp/tasks.json and perform network activity whose scope is not fully described.
Install Mechanism
There is no install spec in the registry entry; instead the SKILL.md relies on npx to fetch and execute @hermitsh/shrimp-mcp@1.0.6 from npm. npx-based installs execute remote package code at runtime (moderate risk). Also registry metadata lists version 1.0.7 while SKILL.md references 1.0.6 — a provenance/version mismatch that should be resolved before trusting the package.
Credentials
The skill declares no required environment variables or credentials, matching the 'no API key' claim. That is proportionate for local-only usage. However paired features claim access to inbox and provider settings — if those require additional credentials or escalate access, the SKILL.md does not declare or explain that. The anonymous daily ping is an explicit data transmission; its content and destination are not detailed.
Persistence & Privilege
The skill does not request always: true and does not declare system-wide config changes. It will store tasks locally at ~/.shrimp/tasks.json (expected for a task manager). Note: because the MCP adapter is fetched/executed via npx, the agent (when allowed) could autonomously invoke the installed adapter and cause network activity; this is normal but increases the impact of the other concerns above.
What to consider before installing
This skill is plausible, but exercise caution before installing. Key concerns: (1) it uses npx to download and run an npm package at install time, so inspect the package before executing it; (2) SKILL.md mentions an anonymous daily ping and paired-mode inbox access, but gives no endpoints or data details; (3) the registry shows version 1.0.7 while SKILL.md references 1.0.6, which is a provenance mismatch.

Recommended steps before installing:
- Verify the package on npm and its maintainers (npm page for @hermitsh/shrimp-mcp). Check the package's source repo and recent release notes.
- Inspect the package contents (npm pack / the published tarball) or view the source on the repo to confirm what network calls and filesystem writes it performs (search for network endpoints, telemetry, or code that accesses mail/providers).
- Confirm what 'paired mode' accesses and what data shrimp_feedback submits; ask the maintainer for exact endpoints and data schemas.
- Run the adapter in an isolated environment or sandbox (or a disposable VM) first, and back up ~/.shrimp/tasks.json if you try local mode.
- Resolve the version mismatch (1.0.6 vs 1.0.7) and prefer installing a package with a verifiable source (GitHub release or official project domain) rather than blindly running npx from an unknown account.

If you cannot verify the package source and telemetry behavior, treat this skill as higher-risk and avoid installing it on machines with sensitive data.


Runtime requirements

Platform: 🦐 Clawdis
Bins: npx