Cn Todo Today
Security checks across malware telemetry and agentic risk
Overview
This is a simple local todo-list skill that stores todos in a disclosed home-directory JSON file and shows no network, credential, or hidden execution behavior.
Installing this should be low risk if you are comfortable with it creating and modifying ~/.cn_todo_today.json. Be aware that todo text is stored locally in plain JSON, and the documented command examples may need --text or --id flags to work with the script.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.