gtasks-cli

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Google Tasks CLI helper, but it gives an agent authenticated authority to delete task data and exposes a client secret in troubleshooting guidance without enough guardrails.

Install only if you are comfortable giving an agent access to your Google Tasks account through gtasks. Before using it, avoid echoing client secrets, keep token files private, and require a clear confirmation step for any delete or bulk-change request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger description is broad enough to activate on generic productivity or to-do requests, which can cause the agent to invoke this skill in contexts where the user did not clearly request Google Tasks. That increases the chance of unintended access to authenticated task data or unintended modifications to a user's task lists.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents destructive delete operations for task lists without requiring an explicit confirmation step from the user before execution. In an authenticated CLI context, this can lead to accidental irreversible deletion of user data from Google Tasks if the agent acts on ambiguous or mistaken instructions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The test cleanup example uses `gtasks tasklists rm <<< "1"` to delete a task list by index. The bash here-string feeds `1` to the command's standard input, so any prompt the command might present is answered without a human ever seeing it, and nothing in the snippet checks that index 1 is actually the temporary test list just created. In documentation for an automation-capable CLI, this normalizes unsafe deletion patterns and leads to accidental data loss if users copy the snippet into a non-test context or if list ordering differs.

Missing User Warnings

Medium
Confidence: 92%
Finding
The quick reference explicitly instructs users to print GTASKS_CLIENT_ID and GTASKS_CLIENT_SECRET to the terminal. While the client ID is typically non-secret, the client secret is sensitive and displaying it can expose credentials through terminal scrollback, screen sharing, logs, shell history wrappers, or recorded sessions. In a CLI skill context, users may copy-paste these commands during troubleshooting, making accidental disclosure more likely.
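The guardrails the overview asks for (no echoing of client secrets, an explicit confirmation step before any delete) can be enforced by a thin wrapper that an agent calls instead of the raw skill commands. The following POSIX shell is an added example written for this page, not code from the gtasks-cli skill or from SkillSpector. It assumes nothing about `gtasks` beyond what the page shows (that `gtasks tasklists rm` reads the list index from standard input). The `GTASKS_BIN` and `GTASKS_CONFIRM_DELETE` variables and the `mask_secret`, `show_oauth_env` and `confirm_tasklist_rm` functions are this example's own inventions.

```shell
#!/bin/sh
# Added example (not part of the gtasks-cli skill): guardrails a wrapper
# should enforce before an agent runs the skill's destructive commands or
# prints its OAuth environment during troubleshooting.
#
# Assumptions (not from the page): GTASKS_BIN names the binary to invoke
# (default: gtasks); GTASKS_CONFIRM_DELETE is a hypothetical opt-in switch;
# all function names below are this example's own.

GTASKS_BIN="${GTASKS_BIN:-gtasks}"

# Redact a secret for troubleshooting output: length plus the last 4 characters
# is enough to tell "wrong credential loaded" from "no credential loaded"
# without putting the full value into scrollback, history or a screen share.
mask_secret() {
    s="$1"
    n=${#s}
    if [ "$n" -eq 0 ]; then
        printf 'unset\n'
    elif [ "$n" -le 4 ]; then
        printf '****(len=%d)\n' "$n"
    else
        # ${s%????} drops the last 4 chars; stripping that prefix leaves them.
        last4=${s#"${s%????}"}
        printf '****%s(len=%d)\n' "$last4" "$n"
    fi
}

# Safe alternative to `echo $GTASKS_CLIENT_SECRET`: the client ID is
# non-secret and printed in full, the client secret only in masked form.
show_oauth_env() {
    printf 'GTASKS_CLIENT_ID=%s\n' "${GTASKS_CLIENT_ID:-unset}"
    printf 'GTASKS_CLIENT_SECRET=%s\n' "$(mask_secret "${GTASKS_CLIENT_SECRET:-}")"
}

# Safe replacement for the page's `gtasks tasklists rm <<< "1"`.
# $1 = numeric list index to delete, $2 = confirmation text that must equal
# "delete <index>". Deletion runs only when the opt-in switch is set, the
# index is well-formed and the typed confirmation names that exact index,
# so an agent acting on an ambiguous request cannot get here by accident.
confirm_tasklist_rm() {
    idx="$1"
    typed="$2"
    if [ "${GTASKS_CONFIRM_DELETE:-}" != "yes" ]; then
        echo "refusing: GTASKS_CONFIRM_DELETE is not set to yes" >&2
        return 2
    fi
    case "$idx" in
        ''|*[!0-9]*) echo "refusing: index must be numeric" >&2; return 2 ;;
    esac
    if [ "$typed" != "delete $idx" ]; then
        echo "refusing: confirmation text does not match 'delete $idx'" >&2
        return 2
    fi
    # Only now perform the deletion, feeding the index on stdin as the skill does.
    printf '%s\n' "$idx" | "$GTASKS_BIN" tasklists rm
}
```

Source the file and call `show_oauth_env` in place of the quick reference's echo commands, and `GTASKS_CONFIRM_DELETE=yes confirm_tasklist_rm 1 "delete 1"` in place of the cleanup one-liner; with the switch unset every delete is refused, which is the safe default for an agent-driven session.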

VirusTotal

0 of 63 vendors flagged this skill; all 63 reported it clean.
