4to1 Planner Bak

Security checks across malware telemetry and agentic risk

Overview

This planner mostly matches its stated purpose, but it should be reviewed because it stores account tokens in plaintext, can read and write sensitive planning data, and has package identity/setup inconsistencies.

Review the publisher and package identity before installing. Prefer the local Markdown backend or a dedicated low-privilege Notion/Todoist workspace, restrict ~/.config/4to1/config to owner-only permissions, rotate tokens if exposed, and preview any planned backend writes before allowing the agent to save them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium (86% confidence)
Finding
The README explicitly advertises that the AI 'reads your Notion/Todoist and knows where you stand' but does not warn users that connecting those services may expose personal tasks, schedules, project data, or other sensitive productivity information to the agent. In a planning skill, this kind of silent or under-disclosed data access is risky because users may reasonably assume benign coaching behavior without understanding the privacy implications of backend integrations.

Vague Triggers

Medium (89% confidence)
Finding
The activation phrases are broad, everyday requests such as 'Do my weekly review' and 'What should I focus on today?' that can match normal assistant usage. Because this skill can write local files and interact with third-party services, accidental invocation could trigger sensitive data handling or modifications without the user intending to use this specific planner skill.

Missing User Warnings

Medium (96% confidence)
Finding
The skill tells users to store API keys in ~/.config/4to1/config, create local planning files, and send planning content to Notion/Todoist/Google services, but it does not present an explicit warning about credential storage, local persistence, or third-party transmission. The handled data includes long-term goals, habits, and workflow details, which can be sensitive personal information.

Missing User Warnings

Medium (95% confidence)
Finding
The script prompts for a Notion API key and writes it directly into a plaintext config file under the user's home directory without warning, permission hardening, or use of a secure secret store. If local files are exposed through backups, multi-user access, malware, or accidental sharing, the token could be used to access the user's Notion workspace content available to that integration.

Missing User Warnings

Medium (96% confidence)
Finding
The Todoist API token is collected interactively and persisted in plaintext in the same config file, again without disclosure or access control safeguards. An attacker or other local process that can read the file may reuse the token to read or modify the user's tasks and project data through the Todoist API.

Missing User Warnings

Medium (98% confidence)
Finding
The script executes `source "$CONFIG"` on a user-controlled file, which means running the status check will execute arbitrary shell commands contained in that config with the user's privileges. In a planning skill context, users expect configuration parsing, not code execution, so a malicious or tampered config can turn a harmless status command into local code execution.

Missing User Warnings

Medium (93% confidence)
Finding
The template instructs the agent to pull sensitive planning data from a configured backend, including past reviews and behavioral lists, without telling the user that data access will occur or requesting confirmation. In a skill connected to Notion, Todoist, Google Calendar, or local files, this can lead to unexpected access to personal productivity records and over-collection of private information during a simple conversational trigger.

Missing User Warnings

Medium (95% confidence)
Finding
The skill directs the agent to write review outputs back to persistent records without notifying the user or obtaining approval. Because these updates include reflections, energy level, future tasks, and behavioral notes, silent writes could modify personal systems unexpectedly, create inaccurate records, or persist sensitive self-assessment data the user did not intend to save.

VirusTotal

63/63 vendors flagged this skill as clean.
