Skill v1.0.3
VirusTotal security
To-Do · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:26 AM
- Hash: 309965e59336d8bee58cde825edaf954454cfb469f94909d87f0fc50ebe6394d
- Source: palm
- Verdict: suspicious
- Code Insight:

  Type: OpenClaw Skill. Name: to-do. Version: 1.0.3.

  The `to-do.js` skill contains multiple command injection vulnerabilities across both Windows and Linux/macOS platforms. User-controlled input, specifically the `<instruction>` argument for scheduling and the `<ID>` argument for deletion (on Linux/macOS), is not sufficiently sanitized before being passed to `child_process.exec`. While `SKILL.md` attempts to instruct the AI agent to avoid shell metacharacters, this relies on the agent's adherence and does not fix the underlying code vulnerabilities, making the skill susceptible to prompt injection attacks leading to arbitrary command execution.

  For example, on Windows, the `flatInstruction` passed to `schtasks /tr` is vulnerable to quote breaking, and on Linux/macOS, `agentCommand` is unsafely embedded within double quotes in an `echo` command, allowing shell metacharacters like `$(command)` to execute. The `atrm ${id}` command on Linux/macOS also lacks quoting, making it vulnerable to injection if the ID contains shell metacharacters.
- External report: View on VirusTotal
