Todo Planner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local todo logger that runs a Bash script and stores entries on the user's machine.

Install only if you are comfortable running a local Bash script and keeping todo text in local plaintext log/export files. Do not store passwords, secrets, or highly sensitive personal or work information in entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The implementation materially overstates the advertised todo-planning functionality: it does not model tasks, priorities, deadlines, overdue state, or weekly views, and instead stores arbitrary free-form text in append-only logs. In an agent-skill context, this mismatch is security-relevant because users or higher-level agents may trust the skill with planning workflows or sensitive task data under false assumptions about structure, validation, and purpose limitation.

Context-Inappropriate Capability

Low
Confidence: 82%
Finding
The script exposes broader data-handling features than its stated purpose, including cross-log search, bulk export, recent activity/history inspection, and status reporting over all stored entries. While not overtly malicious, this expands the skill's operational scope and increases the chance that unrelated or sensitive user-entered content can be aggregated, surfaced, or exfiltrated in ways users would not expect from a simple todo planner.

Vague Triggers

Medium
Confidence: 81%
Finding
The skill description uses broad productivity-oriented wording such as adding tasks, planning agendas, tracking progress, and reviewing items, which can cause over-broad activation in normal conversation. In an agent setting, this increases the chance the skill is invoked on sensitive user content and then persists that content to local logs without the user explicitly intending durable storage.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown says data is stored locally in flat log files and can be exported, but it does not prominently warn users that task contents are retained in plaintext and may include sensitive personal or work information. This creates a realistic confidentiality risk because users may enter credentials, private notes, project details, or other sensitive content assuming a transient planning interaction.

VirusTotal

64/64 vendors flagged this skill as clean.
