Taskr - Persistent Task Planning & Execution for AI Agents

Security checks across malware telemetry and agentic risk

Overview

Taskr is a disclosed cloud task-management skill whose sensitive behavior is expected for its purpose, though users should protect its API key and avoid storing secrets in persistent notes.

Install only if you trust the Taskr cloud service for the projects you plan to track. Use a scoped or separate API key/project where possible, rotate the key if exposed, and avoid putting secrets, customer data, or sensitive internal details into task titles, descriptions, or notes because they are designed to persist and support cross-agent handoff.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The setup section instructs users to retrieve and configure a long-lived API key and project ID, but it does not explicitly warn that the key is sensitive, should not be pasted into chat logs, committed to repositories, or shared with other agents unintentionally. In a skill centered on persistent cross-session/cloud task execution, this omission increases the chance of credential leakage through normal workflow and troubleshooting behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal