Todo Tracker (CN)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local todo-tracking skill, but it may keep task history in long-lived local memory files.

Install only if you are comfortable with task names, timestamps, and completion details being written to local files beyond the main todo database. Avoid putting secrets, customer data, incident details, or credentials in task titles, and periodically review or clean the memory/history files if they are shared with other agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The README presents four core actions, but later documents an additional automatic side effect: archiving task data into MEMORY.md. Undocumented persistence changes the skill's trust boundary because task titles and status may be stored beyond the immediate workflow, which can expose sensitive operational details or surprise users and downstream agents.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill writes task metadata into a separate global MEMORY.md file that is outside the primary todo JSON store and not necessary for core todo tracking. This creates an unexpected persistence channel that can leak sensitive task titles, timestamps, and progress across sessions or to other components that read the shared memory file.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
Defining a global MEMORY.md path establishes a persistent side channel unrelated to the stated purpose of a todo tracker. In an agent environment, shared memory files are often consumed by other tools or later runs, so writing there can expose user tasks and operational context beyond the intended scope.

Missing User Warnings

Low
Confidence: 91%
Finding
The README describes automatic archival of task data to MEMORY.md without clearly warning users that task contents will be persisted. In a task-tracking skill, users may include troubleshooting notes, system names, or incident details; silent retention increases privacy and data-handling risk, especially in shared or long-lived agent environments.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states it stores todo data in ~/.openclaw/workspace/todo-current.json and auto-records task completion to ~/self-improving/corrections.md, but it does not clearly warn users that running the skill will modify local files. Undisclosed persistence can surprise users, overwrite existing data, or leak sensitive task information into long-lived files that may be consumed by other tools.

VirusTotal

67/67 vendors flagged this skill as clean.
