ClawHub

rem

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed macOS Reminders CLI integration, with real but expected risks around installing an external CLI and allowing it to modify reminders and agent skill files.

Install only if you trust the rem project and its installer source. Prefer reviewing or pinning the installer when possible, grant Reminders access only if you are comfortable with the CLI and agent reading or changing those reminders, and use deletion, import, --force, or --agent all commands only when you explicitly intend those effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documented `rem skills install/uninstall/status` commands extend the tool's scope from reminder management into modifying AI-agent configuration directories. That is a genuine security-relevant capability because it can change agent behavior and persist files outside the expected reminders domain, increasing supply-chain and persistence risk if invoked by an agent or user without clear scrutiny.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Managing files under `~/.claude/skills/`, `~/.agents/skills/`, and `~/.openclaw/skills/` is a capability unrelated to core reminder operations and enables persistence inside AI-agent environments. In a skill context, this is more dangerous because the documented feature can install code or prompts that affect future agent sessions, making it a meaningful boundary expansion beyond normal reminder CRUD behavior.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The uninstall command removes files from agent-specific directories, but the reference does not explicitly warn that this alters local AI-agent configuration. In isolation this is a low-severity documentation issue, but in this skill context it matters because these directories influence agent behavior and persistence across sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal