Moltbot Plugin 2do

Security checks across malware telemetry and agentic risk

Overview

The skill’s main task-to-2Do behavior is coherent, but broad automatic triggering and an undeclared runtime npx fallback deserve review before installation.

Install only if you are comfortable with task text being emailed through your SMTP provider to 2Do. Use a dedicated SMTP account or app-specific password, build the project so it runs `dist/main.js`, and avoid the npx fallback. Because the trigger scope is broad, configure your agent to invoke it only for explicit task-creation requests or add a confirmation step before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium (89% confidence)
Finding
The documented trigger examples are broad enough that ordinary conversational statements about future plans or reminders could invoke the skill without a clear, intentional command. In this skill's context, unintended activation is more dangerous because invocation causes outbound transmission of user content via email to a configured 2Do inbox, creating a privacy and action-integrity risk.

Vague Triggers

Medium (91% confidence)
Finding
The supported natural-language formats are defined too loosely and omit constraints that distinguish task commands from ordinary text. Because the skill performs an external side effect by sending email, ambiguous parsing can cause accidental task creation and leakage of content the user did not intend to export.

Missing User Warnings

High (95% confidence)
Finding
The skill documentation does not prominently warn users that task content will be transmitted through SMTP to an external mailbox monitored by 2Do. In this context, users may reasonably assume local processing, so missing disclosure materially increases the chance that sensitive reminders, work details, or personal data are sent off-platform without informed consent.

Missing User Warnings

Medium (87% confidence)
Finding
The documentation instructs users to configure SMTP credentials but does not clearly emphasize their sensitivity, the risks of storing them insecurely, or the consequences of misconfiguration such as sending through the wrong account. That omission can lead to credential exposure or unintended disclosure of all task traffic through an insecure or unauthorized mail path.

Vague Triggers

High (95% confidence)
Finding
The skill advertises trigger phrases that overlap heavily with normal conversation such as reminders and casual statements about future actions. In an agent environment, this can cause unintended activation and silently send user content out via email to 2Do, creating a privacy and action-integrity risk even without malicious code.

Vague Triggers

High (93% confidence)
Finding
The examples normalize very common phrases like '帮我记一下' ("note this down for me") and '别忘了' ("don't forget") as activation cues without showing any boundary checks or confirmation flow. Because these phrases commonly appear in ordinary chat, the skill may capture incidental conversation and turn it into outbound task creation, increasing the risk of unauthorized or accidental data transmission.

Missing User Warnings

Medium (90% confidence)
Finding
The README describes natural-language task creation but does not clearly warn at the point of use that task contents are sent over SMTP and delivered to an external task service. Users may disclose sensitive personal or work information believing it stays inside the chat system, leading to unintended third-party exposure.

Vague Triggers

Medium (88% confidence)
Finding
The trigger description is very broad and overlaps with ordinary conversation such as mentioning future plans or saying 'remember to', which can cause the skill to activate when the user did not clearly intend to send data to a task manager. In this skill's context, unintended activation is more dangerous because execution results in task content being transmitted externally via email.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation states that parsed task content is sent to the user's configured 2Do inbox by email, but it does not prominently warn that user-entered content leaves the assistant environment and is transmitted through external email/SMTP infrastructure. Because task text may contain personal schedules, work items, or sensitive reminders, users may unknowingly disclose private information to third-party systems.

Ssd 3

Medium (97% confidence)
Finding
The design explicitly includes the user's full original input in the outbound email body, which can capture unrelated sensitive information, extra context, or incidental secrets beyond the minimum needed to create the task. In a skill whose core function is external transmission over email, this broad data inclusion meaningfully increases privacy exposure and data minimization failures.

VirusTotal

65/65 vendors flagged this skill as clean.
