ClawHub

Cognary Tasks is an AI-first task manager that turns your spoken thoughts into organized, actionable tasks instantly. Just speak naturally, and Cognary uses AI to prioritize, structure, and manage your to-dos for you. Less effort, more focus — productivity built for the AI era.

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Cognary task-manager helper, but users should treat its CLI install, API key, and delete capability with normal care.

Before installing, verify that cognary-cli is the intended npm package, use a dedicated Cognary API key if possible, and have the agent confirm the exact task ID and title before updates or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description says the skill triggers on any request about tasks, to-dos, task lists, reminders-as-tasks, or tracking action items, which is broad enough to activate in many ordinary conversations. Overbroad activation increases the chance the agent invokes a task-management skill in contexts the user did not explicitly intend, potentially causing unnecessary tool use or task operations with user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes a delete command for tasks but provides no warning, confirmation requirement, or recovery guidance. In an agent setting, this makes accidental or ambiguous deletions more likely, especially when the user refers to a task imprecisely or when the wrong task ID is selected.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal