ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Taskboard Cli

v3.0.1

Lightweight task management CLI for multi-agent workflows. SQLite backend, no external dependencies or credentials. Status-change hooks emit agent instructio...

0· 101·0 current·0 all-time
byBingji Guo@ckouder
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The package's name/description and the included script indicate a local SQLite-backed CLI with no required credentials — that matches most of the code. However, reference docs include optional GitHub and webhook integrations that require external tokens and network calls (GITHUB_TOKEN, Discord webhooks). Another reference (taskboard-setup.md) describes a taskboard.json storage model that contradicts the actual SQLite schema and scripts. These documentation inconsistencies mean the stated purpose ('no external dependencies or credentials') is not uniformly true across the repository.
Instruction Scope
SKILL.md and scripts/taskboard.py implement only local DB operations and emit hook lines to stdout; hooks are intentionally formatted for agents to read and act on. That is within scope. However, the references show example wrapper scripts and cron/webhook patterns that would parse hook output and make network calls — those wrappers live outside the skill but the docs teach how to wire them up. Also the CLI allows an arbitrary --db path, which can read/write any file the running user allows; this is expected functionality but worth noting as an escalation vector if the DB path is pointed at sensitive files.
Install Mechanism
No install spec is provided and no external packages are automatically downloaded; the skill ships source files (Python + SQL) and appears to be instruction-only in terms of installation. This is low-risk from installation mechanics.
!
Credentials
Registry metadata declares no required environment variables or primary credential, and the CLI itself doesn't require env vars. But references/github-backend.md explicitly instructs using GITHUB_TOKEN and shows curl commands that would send that token. references/webhook-integration.md shows storing webhook URLs/tokens in config. These are optional integrations, but the SKILL.md's blanket claim of 'no credentials' is misleading; users could be prompted to provide sensitive tokens to adapters described in the docs.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is not persistent beyond its files. It creates/uses a local DB (default scripts/taskboard.db) which is reasonable for a CLI tool. The ability to override --db is normal but should be used carefully.
What to consider before installing
What to consider before installing: - The shipped Python CLI (scripts/taskboard.py) appears to be a local SQLite tool and does not itself make network calls — that part is coherent and low-risk. - The reference docs, however, describe optional GitHub and webhook integrations that require you to supply tokens (e.g., GITHUB_TOKEN, Discord webhooks) and run wrapper scripts that perform network requests. These integrations are not declared in the registry metadata — treat them as opt-in and only provide secrets to trusted processes. - Documentation inconsistencies: one reference uses a JSON file-based model (taskboard.json) while the actual code uses SQLite; this suggests stale or copy-pasted docs. Verify which backend you will use before relying on automation. - The CLI lets you override the DB path (--db). Don't point it at system or sensitive files; running the tool with a path you don't control could read/overwrite data with the running user's permissions. - Hooks are printed to stdout and may contain instructions that an agent could act on (e.g., send messages, spawn sessions). Ensure your agents do not auto-execute hook output unless you trust the source and have validation/sanitization in place. - Recommended actions: inspect the full scripts/taskboard.py (including the truncated portion), run the tool in an isolated/sandbox environment, and if you enable GitHub/webhook integrations, use least-privilege tokens and separate service accounts. If anything in the references will be run automatically by an agent, require explicit user approval before providing credentials or enabling networked wrappers.

Like a lobster shell, security has layers — review code before you run it.

latestvk977p0af33gc2ab93cq4g7te7d837em2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments