Flowdo

Security checks across malware telemetry and agentic risk

Overview

FlowDo is a simple local task-list shell utility with some documentation mismatch, but no evidence of network access, credential use, hidden execution, or destructive behavior.

Install only if you are comfortable with a basic local task-list tool rather than the full kanban workflow described. Avoid putting secrets or highly sensitive notes in task text because entries and command history are stored locally under the FlowDo data directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The script’s behavior and self-description do not match the advertised skill purpose. A user expecting a kanban/workflow manager would instead receive a generic utility that performs persistent local logging and data export, which creates a trust and transparency problem and can hide unexpected data handling behind a misleading manifest.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The inline documentation explicitly labels the tool as a 'Multi-purpose utility tool,' contradicting the skill metadata that presents it as FlowDo, a task/workflow manager. This inconsistency increases the risk of deceptive deployment or operator confusion, making users more likely to invoke capabilities they did not intend to trust.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The logging helper writes command activity and arguments to a persistent history file without any notice, consent, retention policy, or controls. Even though this appears to be local-only storage, it can capture sensitive task names or user-supplied content unexpectedly, which is risky in an agent skill context where inputs may contain private data.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The add command appends arbitrary user-provided content to a persistent data file with no warning that the data will be retained. In a skill environment, users may provide sensitive workflow notes or secrets assuming ephemeral handling, so silent persistence increases confidentiality and privacy risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal