topydo

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward topydo/todo.txt command guide with normal local task-management risks but no evidence of hidden or malicious behavior.

Install topydo only from a trusted package source, and treat commands that delete, archive, edit, sort, or bulk-complete tasks as data-changing actions. Preview matching tasks first and confirm the exact task IDs or filters before allowing the agent to run destructive commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description includes very broad activation cues such as 'use for any task management, todo lists, or when the user mentions tasks, todos, or todo.txt,' which can cause the agent to invoke this skill in many loosely related contexts. Over-broad triggering increases the chance of unintended execution of task-management commands, including state-changing operations, on user data without sufficiently explicit intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents destructive deletion commands, including bulk deletion by expression, without warning the operator to confirm scope or preview affected tasks. In an agent setting, this creates a realistic risk of accidental or overbroad data loss if a natural-language request is mapped to `topydo del` or `topydo del -e` without explicit user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal